DWP fraud and mistakes cost an estimated £3.2bn – despite new HMRC data links

By Tony Collins

The Department for Work and Pensions’ auditors have qualified the department’s latest accounts for the 26th year in a row because of “unacceptably high” fraud and mistakes.

The high level of fraud and error is despite the DWP’s now being able to check every claimant’s benefit entitlements – particularly inconsistencies in earnings – through HMRC’s real-time information [RTI] tax system.

In 2014-15, the DWP carried out a bulk exercise to match RTI data against the DWP’s benefits information. The DWP uses RTI data to provide information on earnings as part of the calculation of claimants’ Universal Credit entitlement.

The National Audit Office, in today’s report on the DWP’s 2014-15 accounts, says that misreporting and incorrect processing of income and are responsible for estimated losses in 2014-15 of £1.12bn

A further £340m is lost through undisclosed and incorrect processing of data on living arrangements.

The DWP is the same department that’s pouring money into a protracted FOI legal battle to stop four reports on Universal Credit being published on the basis that their disclosure could affect the DWP’s “effective management of public affairs”.

The DWP publishes none of the reports on the progress or otherwise of its major projects and programmes.

One question is, in the light of the DWP’s repeatedly qualified accounts, whether the department’s officials are better or worse off running their affairs in an atmosphere of great secrecy.

Would the DWP’s senior management be able to manage the business better – and particularly the Universal Credit IT programme – if they had to publish their commissioned reports on major projects?

The added external scrutiny of business partners – including local authorities – plus MPs, journalists and the public could give extra force to attempts within the department to manage affairs more professionally.

Such is the DWP’s detachment from external scrutiny that its managers are legitimately able to decide to avoid measuring the Personal Independence Payment for fraud and error until 2016-17.

Some may wonder how any major organisation can delay measuring a major part of its business for fraud and error.

Says Amyas Morse, head of the NAO:

“We believe that the absence of up-to-date information on error rates in such a large benefit stream creates a risk that the Department is making decisions based on out-of-date measurements.”

He adds:

“Furthermore, some smaller value benefits have never undergone a (fraud and error) measurement exercise.”

Morse says the accounts DWP’s have been qualified because of the “unacceptably high level of fraud and error in benefit expenditure, other than State Pension where the level of fraud and error is lower”.

He says the accounts of the DWP and those of predecessor departments administering welfare spending, have been similarly qualified each year since 1988-89.

The DWP estimates total overpayments due to fraud and error in 2014-15 to be £3.2bn, which is 1.9%  of the total forecast benefit spending of £168.1bn.

The Department estimates the total underpayments in 2014-15 to be £1.4bn.

Morse says the DWP is not on track to achieve its target to reduce fraud and internal mistakes.

“Furthermore, the Department has reduced the pace of the roll out of Universal Credit. As a result, Universal Credit has not yet realized the £200m annual fraud and error savings originally expected by March 2015…”

This failure to meet savings targets on Universal Credit highlights the speculative nature of central government’s business case estimates of programme and project savings.

Morse said: “Issuing an audit qualification is a serious matter, and the fact that similar qualifications have been in place for such a long period of time does not lessen that seriousness.”

Fraud and error is defined as

– Official error, which arises when a benefit is paid incorrectly due to inaction, delay or a mistaken assessment by the Department, a local authority or HM Revenue and Customs;

– Claimant error, which occurs when claimants make inadvertent mistakes with no fraudulent intent; and

– Fraud, which arises when claimants deliberately seek to mislead the DWP or local authorities which administer benefits on the department’s behalf to claim money to which they are not entitled.

The DWP’s managers say the largest proportion of error enters the benefits system due to changes in claimants’ circumstances after a correct initial award.

 

FOI hearing today on DWP’s refusal to publish Universal Credit reports

By Tony Collins

External lawyers acting for the Department for Work and Pensions are due to appear before an FOI Upper Tribunal judge in London today to argue why four reports on Universal Credit should not be published.

It’s the latest step in a costly legal battle that has lasted two years so far.

A first-tier FOI tribunal judge in 2014 ordered the four reports to be published. The DWP asked for permission to appeal that decision and lost its case.  The DWP then asked an Upper Tribunal for permission to appeal and lost that case as well.

Then it asked a different Upper Tribunal judge for permission to appeal .  As a result, a 1 day hearing is taking place today.

The case takes in evidence from the DWP, the Information Commissioner, John Slater who requested 3 of the reports in question and me. Slater requested in 2012 a Universal Credit risks register, milestone schedule and issues register (which set out problems that had materialised with the Universal Credit programme).  I requested a project assessment review carried out in 2011 on the Universal Credit programme by the Cabinet Office’s Major Projects Authority.

The DWP has refused to publish the four reports – and millions of pounds worth of other similar reports.

Today the DWP will argue that the judge in an earlier Upper FOI Tribunal did not fully consider the “chilling effect” that disclosure of the reports would have on the behaviours of civil servants or consultants who helped to write the reports in question.

In essence the DWP’s lawyers are asking the judge to accept the arguments put forward against disclosure by Sarah Cox, the DWP’s main witness in the case. Cox is a former programme assurance director for Universal Credit.

Cox submitted 49 pages of evidence – plus secret evidence during a closed hearing – on why the UC reports should not be published.  She said that civil servants must be able to think the unthinkable and record the outcome of these thoughts without hesitation or fear of disclosure.

If contributors feared the reports would be routinely disclosed the documents could become “bland records” prepared with half an eye to how they would be received in the public domain.

She said the danger of damage to the public interest cannot be overstated.

Disclosure could adversely affect management of the Universal Credit programme – and “failure of proper programme management may be catastrophic”.

Emphasising the importance of effective management of risk, she referred to the banking system prior to the credit crunch and the stability of the Bank of England in that period.

“Inappropriate or premature disclosure of the information in the risk registers or the issues registers could lead to those failures occurring in government risk management with broader parallels for other project management tools.”

She then referred to “disaster myopia” – a phenomenon she said was well established in cognitive psychology.  It referred to “an underestimation of the likelihood of low frequency but high risk damage risks”.

She added: “This can result in a lack of appropriate mitigating actions, increasing the likelihood of the risk becoming an issue. In this case fear of disclosure and misinterpretation can exacerbate this myopia, leading to the toning down of the direct and forceful language used to describe risks, or worse, risks not being identified at all”.

If civil servants or consultants writing reports on projects were to downplay the risks because of a fear of disclosure, problems may be overlooked, solutions not found, or not found promptly. “Such an outcome would be seriously detrimental to the delivery of major projects.”

Cox’s evidence could appear to some to suggest the DWP was preoccupied with its image, and the image of the Universal Credit programme, in the media, and among MPs and the public. She said routine disclosure of such reports as those in question “will distract civil servants from their tasks at a crucial point in the process of programme management.

“Instead of concentrating on implementing the changes, they will be required to address stakeholder, press or wider public concerns which have been provoked by the premature disclosure of material.”

It would be unhelpful if “attention is focused on clarifying positions with stakeholders and addressing the concerns of media, opposition and interest groups in order to correct the often misleading impression created by premature disclosure”.

This issue is “magnified in a programme with as many delivery partners as Universal Credit, covering both central and local government, with implications for all territories in the UK”.

That is because of the “implications of issues for different partners are often slightly different, so that each partner may need to be given a slightly different, and tailored, response”.

This concern should not be understated, she said.

“From my experience of high profile matters which emerge with little warning, I can say that ministers and senior officials are likely to be forced to clear their diaries, cancelling planned meetings, events and other important engagements, to attend rapidly-convened meetings to discuss the handling of the premature disclosure.

“Officials in the relevant policy areas (and lawyers as appropriate) would need to set aside other essential and pressing work to prepare briefings on the likely impact of disclosure and options for next steps. ‘Lines to take’ and a stakeholder and media-handling strategy would need to be discussed, agreed and signed off by ministers.

“Ministers could also be called to respond to urgent questions tabled in Parliament, especially where the disclosure  is made in respect of a high-profile policy area. The media might press for interviews with ministers and/or senior officials, which require careful preparation…”

But, as the Information Commissioner has pointed out, disclosure of the documents under FOI is not the same as a leak to the media.

And the reports in question are now four years old and so massive media interest is unlikely. Any media interest could be managed by DWP press officers without distracting project managers.

Cox said disclosure could harm rather than assist public debate.

“Material that requires civil servants to think the unthinkable, or to consider unusual or highly unlikely events, using intentionally vivid and forceful language, at a single point in time, potentially pre-dating attempts to mitigate the position could easily distort the public perception of the real or likely situation and encourage sensationalist rather than responsible and balanced reporting.”

She said that officials may have to release further information to counteract any misunderstandings (from a misreading of the disclosed reports). But the “world of media” may ignore this further information.

Lawyers for the Information Commissioner, in their submission to today’s hearing, will argue that an earlier tribunal had not found any existence of a “chilling effect” in this case. The tribunal had not been persuaded by what the DWP had said.

The earlier tribunal had not dismissed all of the DWP’s concerns as entirely without merit. It accepted that disclosure of the documents in question “may not be a painless process for the DWP” and that there “may be some prejudice to the conduct of government of one or more of the kinds asserted by the DWP”. The tribunal was simply unpersuaded by the extent of those prejudices.

The Commissioner’s lawyers will say the earlier tribunal gave due weight to the evidence of Ms Cox but it was not obliged to agree with her.

There was no observable chilling effect from disclosures in the past where a chilling effect had been envisaged. The DWP had not provided any evidence that a chilling effect existed.

Indeed a Starting Gate Review on the Universal Credit project had been published (by Campaign4Change) after the DWP refused to release the document under FOI. The DWP had refused to publish the Starting Gate Review because of the chilling effect it would have on the contributors to such reports.

But there was no chilling effect in consequence of publication of the Starting Gate review, say the Information Commissioner’s lawyers.

The incident “illustrates that it is perfectly within the bounds of reason to be sceptical about the DWP’s assertions about the chilling effect and the like,” says the Information Commissioner’s submission to today’s hearing.

On Ms Cox’s point that disclosure of the reports in question would change behaviours of civil servants and consultants compiling the documents, the earlier tribunal had concluded that the public was entitled to expect from senior officials – and no doubt generally gets – a large measure of courage, frankness and independence in their assessments of risk and provision of advice.

The Information  Commissioner’s lawyers will today ask the judge to dismiss the DWP’s appeal.

Comment

The DWP’s evidence suggests that the reports in question today are critical to the effective delivery of Universal Credit. The reality is that excessive secrecy can make bureaucracies complacent and, in the the DWP’s case, somewhat chaotic.

When Campaign4Change asked the DWP under FOI for two Universal Credit reports – an end to end technical review carried out by IBM at a cost of £49,240 and a “delivery model assessment phases one and two” carried by McKinsey and Partners at a cost of £350,000 – the DWP mistakenly denied that the reports existed.

When we provided evidence the reports did exist the DWP said eventually that it had found them.  The DWP said in essence that the documents had been held so securely nobody knew until searching for them that they existed.

So much for the DWP’s argument that such reports are critical to the effective management of major projects.

And when Campaign4Change asked the DWP, under FOI, to supply a project assessment review report on the Universal Credit programme, officials mistakenly supplied an incorrect version of the report (a draft) to an FOI tribunal.  Officials later apologised for their mistake.

National Audit Office reports on Universal Credit do little to portray the DWP as a professional, competent and well-managed organisation.

Which all suggests that excessive secrecy within the DWP has made officials complacent and disorganised.

Continued excessive secrecy within the department could reinforce a suspicion, justified or not, that the department may not be in a strong position to run a programme as large and complex as Universal Credit.

 

 

Are councillors in Somerset ignoring the wisdom of their auditors?

By Tony Collins

It’s good to see auditors in local government doing their job well  – not accepting verbal assurances and seeking proof that all is well with an outsourced system .

But what if councillors apply a lower standard – and accept verbal assurances without checking them?

A  strong report by the South West Audit Partnership [SWAP] went to councillors at Somerset County Council’s Audit Committee on 2 July 2015. The report was about problems with an outsourced system, the Adults Integrated Solution [AIS].

Although not the original supplier, IBM has provided AIS to Somerset County Council under a 10-year outsourcing contract/joint venture – Southwest One –  that was signed in 2007.

The SWAP report said limited progress has been made in implementing the AIS-related recommendations from its 2012-2013 audit report. It added that:

– AIS performance and response times could be “less than adequate for users’ needs”.

– Southwest One was unwilling to develop a service level agreement specifically for the AIS application.

– “Poor response time has led to the disabling of enhanced audit trails/logs that would make it possible to trace and attribute user activity in the system.” SWAP added that this was “worrying” given that the data involved was “sensitive and personal”.

– SWAP had been refused access to the contract between IBM and Northgate, the original supplier of AIS.

Are verbal assurances worth anything?

Having studied AIS from time to time over 2 years, and spoken to its users, SWAP’s auditors have been reluctant, on some of their concerns, to accept verbal assurances that all is well.

When they have sought documentary evidence to support assurances it hasn’t always been forthcoming.

SWAP said in its latest report:

“Verbal assurances were provided that the ToR for AIS Programme Board had been reviewed and that roles and responsibilities in relation to system ownership had been clarified. However, no evidence was provided to support these assurances.”

Now Somerset’s audit committee has done what its auditors wouldn’t do and has accepted verbal assurances that all is well with AIS.

SWAP’s auditors had expressed a multitude of concerns about AIS. But Somerset’s officers verbally assured audit committee councillors that a single upgrade had solved all the problems.

One officer, in a statement, told Dave Orr, a Somerset resident who campaigns for openness over IBM’s relationship with the council:

“I can confirm that all of the fundamental issues raised through the [SWAP] Audit Report [on AIS] have now been addressed…

“The AIS application is one of the top systems used by local authorities for social care services in the UK. The performance issues referred to in the Audit Report were resolved by a system upgrade.”

Comment:

It’s difficult if not impossible to see how a single upgrade could address all the points SWAP made – such as the lack of a service level agreement to cover AIS or the refusal by IBM to supply a copy of its contract with Northgate.

Whenever auditors produce a hard-hitting report there will be 2 opposing sides: defenders of what’s being criticised and the auditors.

It is up to the auditors to cut through any dissimulation, obfuscation and prevarication to identify what’s going well, what isn’t, and what the uncertainties and risks are.

Auditors would not be doing their job if they always accepted verbal assurances at face value.

But what if auditors are undermined by councillors who readily accept verbal assurances from their officers who wish to defend the suppliers?

A supplier that doesn’t have to provide documentary evidence can say anything in defence of its systems and the quality of service.

Somerset’s councillors are lucky to have auditors as independently-minded as SWAP.

It’s unlikely that SWAP would accept at face value the Somerset officer’s suggestion that because AIS is widely used it’s unlikely to be a poor system.

This would be like Ford saying a particular Mondeo is unlikely to be at fault because thousands of people happily own one.

Every IT installation is different, even if the main software package is widely used. The hardware, network configuration, load on the network, facilities and interfaces installed will render every IT installation unique.

It’s conceivable that every council client of AIS could have a trouble-free service except Somerset.

Are the council’s audit committee councillors gullible to accept verbal assurances about the problems with AIS being solved without requiring proof?

Where does this leave the 775 users of Somerset’s AIS, many of whom may be having to do difficult work in managing vulnerable adults while trying to cope with what may be one of the UK’s worst outsourced systems?

Thank you to Dave Orr for providing information that made this post possible.

Pity the 775 users who use this outsourced council system?

SWAP report on AIS for Somerset County Council’s Audit Committee 2 July 2015

SWAP 2012-2013 audit report on AIS

 

 

Yet another NHS IT mess?

By Tony Collins

Last week the National Audit Office reported on the failure of the GP Extraction Service. Health officials  had signed off and paid for a contract even though the system was unfit for use.

The officials worked for organisations that have become part of the Health and Social Care Information Centre.

An unapologetic HSCIC issued a statement on its website in response to the Audit Office report. It said, in essence, that the problems with the GP Extraction Service were not the fault of the HSCIC but rather its predecessor organisations (ignoring the fact that many of the officials and contractors from those defunct organisations moved to the HSCIC).

Now it transpires that the HSCIC may have a new IT-related mess on its hands, this time one that is entirely of its own making – the e-Referral Service.

Last month the HSCIC went live with its e-Referral service without testing the system properly. It says it tested for thousands of hours but still the system went live with 9 pages of known problems.

Problems are continuing. Each time in their routine bulletins officials suggest that an upgrade will solve e-Referral’s problems. But each remedial upgrade is followed by another that does not appear to solve the problems.

The system went live on 15 June, replacing Choose and Book which was part of an earlier NHS IT disaster the £10bn National Programme for IT.

Problems more than teething?

Nobody expects a major new IT system to work perfectly first time but regular outages of the NHS e-Referral Service may suggest that it has more than teething problems.

It’s a common factor in IT-based project failures that those responsible have commissioned tests for many hours but with inadequately designed tests that did not always reflect real-world use of the system. They might also have underestimated loads on the available hardware and networks.

This means that after the system goes live it is brought down for regular hardware and software fixes that don’t solve the problems.  End-users lose faith in the system – as many GPs did with the Choose and Book system – and a misplaced optimism takes the place of realism in the thinking of managers who don’t want to admit the system may need a fundamental redesign.

On the day the e-Referral Service launched, a Monday, doctors had difficulties logging in. Software “fixes” that day made little difference. By the next day HSCIC’s optimism has set in. Its website said:

“The NHS e-Referral Service has been used by patients and professionals today to complete bookings and referrals comparable with the number on a typical Tuesday but we were continuing to see on-going performance and stability issues after yesterday’s fixes.

“We suspend access to the system at lunchtime today to implement another fix and this improved performance and stability in the afternoon.”

The “fix” also made little apparent difference. The next day, Wednesday 17 June, the entire system was “unavailable until further notice” said the HSCIC’s website.

By early evening all was apparently well. An HSCIC bulletin said:

“The NHS e-Referrals Service is now available again. We apologise for the disruption caused to users and thank everyone for their patience.”

In fact, by the next day, Thursday 18 June, all was not well. Said another bulletin:

“Yesterday’s outage enabled us to implement a number of improvements and hopefully this is reflected in your user experience today.

“This morning users reported that there were ongoing performance issues so work has now taken place to implement changes to the configuration to the NHS e-Referral Service hardware and we are currently monitoring closely to see if this resolved the issue.”

About 2 weeks later, on 30 June, HSCIC’s officials said there were ongoing problems, because of system performance in provider organisations that were processing referrals.

Was this HSCIC’s way of, again, blaming other organisations – as they did after the NAO report’s on the failure of the GP Extraction Service project? Said a statement on the HSCIC’s website on 30 June 2015:

“Since transition to the NHS e-Referral Service on Monday 15th June, we have unfortunately experienced a number of problems… Although most of the initial problems were related to poor performance of the system, some residual functional and performance issues persist and continue to affect some of our colleagues in their day-to-day working.

“Most of these on-going problems relate to the performance of the system in provider organisations that are processing referrals, though this does of course have a knock-on effect for referrers.

“Please be assured that the team are working to identify root causes and fixes for these issues.”

By last week – 2 July 2015 – HSCIC warned that it will require a “period of planned downtime on the NHS e-Referral Service tonight which is currently scheduled for between 21:00 and 23:00 for some essential maintenance to fix a high priority functional Incident.”

The fix worked – or did it? HSCIC told Government Computing: “An update was applied to the system overnight from Thursday (July 2) into Friday (July 3) which was successful.”

But …

Monday 6 July 2015 4.15pm. HSCIC e-Referral Service bulletin:

“We would like to apologise for the interruption to service between 13:15 and 13:54 today.  This was not a planned outage and we are investigating the root cause.  If any remedial activity is required we will give notice to all users. Once again please accept our sincere apologies for any inconvenience this caused.”

Why was testing inadequate?

Did senior managers go live without testing how the system would work in the real world, or did they select as test end-users only IT enthusiasts?

Perhaps managers avoided challenging the test system too much in case it gave poor results that could force a redesign.

We probably won’t know what has gone wrong unless the National Audit Office investigates. Even then it could be a year or more before a report is published. A further complicating factor is that the HSCIC itself may not know yet what has gone wrong and may be receiving conflicting reports on the cause or causes of the problems.

An IT failure? – change the organisation’s name

What’s certain is that the NHS has a history of national IT project failures which cause organisational embarrassment that’s soon assuaged by changing the name of the organisation, though the officials and contractors just switch from one to the next.

NHS Connecting for Health, which was largely responsible for the NPfIT disaster, was blended into the Department of Health’s informatics function which was then blended into the HSCIC.

Similarly the NHS Information Centre which was largely responsible for the GP Extraction Service disaster was closed in 2013 and its staff and contractors blended into the HSCIC.

Now, with the e-Referral Service, the HSCIC at least has a potential IT project mess that can be legitimately regarded as its own.

When will a centrally-run national NHS IT-based turn out to be a success? … care.data?

New SRO

Meanwhile NHS England is looking for a senior responsible owner for e-Referral Service on a salary of up to £98,453.

Usually in central government, SROs do the job as an adjunct to their normal work. It’s unusual for the NHS to employ a full-time project SRO which the NAO will probably welcome as a positive step.

But the job description is vague. NHS England says that the SRO for NHS e-Referrals programme will help with a switch from paper to digital for 100% of referrals in England by March 2018.

“The SRO … will have responsibility for the strategic and operational development of the digital journey, fulfilment of the patient and clinical process and the performance of the service. Plans to achieve the strategy will be underpinned by the delivery of short to medium term objectives, currently commissioned from HSCIC and other third party suppliers.”

Key aspects of this role will be to:-

– Ensure the strategy is formulated, understood by all stakeholders and is delivered utilising all available resources efficiently and effectively.

– Ensure the development and management of plans.

– Ensure appropriate system and processes are in place to enable the uptake and on-going use of digital referrals by GP’s, hospitals, patients and commissioners.

– Proactively manage the key risks and issues associated with ensuring appropriate actions are taken to mitigate or respond.

– Monitor and establish accountability on the overall progress of the strategy to ensure completion within agreed timescales.

– Manage the budgetary implications of activity.

– Avoid the destabilisation of business as usual.

– Manage and actively promote the relationships with key stakeholders.

The job will be fixed-term until 31/03/2017 and interviews will be held in London on the 20th July 2015.

The big challenge will be to avoid the destabilisation of business as usual – a challenge beyond the ability of one person?

Government Computing. 

Another fine NHS IT mess

Why was e-Referral Service launched with 9 pages of known problems?

National e-Referral Service unavailable until further notice

 

Another fine NHS IT mess

By Tony Collins

Today the National Audit Office reports on the General Practice Extraction Service, an IT system that allows patient data to be extracted from all GP practices in England.

The report says that Department of Health officials – who were then working for the NHS Information Centre – signed off and paid for a contract even though the system was unfit for use. The original business case for the system grossly underestimated costs.

And the system was developed using the highest-risk approach for new IT – a combination of agile principles and traditional fixed-price contract.

Some of the officials involved appear to be those who worked for NHS Connecting for Health – the organisation responsible for what has become the UK’s biggest IT-related failure, the £10bn National Programme for IT (NPfIT).

As with the NPfIT it is unlikely anyone responsible for the latest failure will be held accountable or suffer any damage to their career.

The NAO says officials made mistakes in the original procurement. “Contract management contributed to losses of public funds, through asset write-offs and settlements with suppliers.” More public money is needed to improve or replace the system.

Labour MP Meg Hillier MP, the new chairman of the Public Accounts Committee, sums up today’s NAO’s report:

“Failed government IT projects have long been an expensive cliché and, sadly for the taxpayer and service user, this is no exception.

“The expected cost of the General Practice Extraction Service ballooned from £14m to £40m, with at least £5.5m wasted on write-offs and delay costs.

“GPES has managed to provide data for just one customer – NHS England – and the data was received 4 years later than originally planned.

“While taxpayers are left picking up the tab for this failure, customers who could benefit, such as research and clinical audit organisations, are waiting around for the system to deliver what they need to improve our health service.”

Some GPs who do not want patient data to be extracted from their systems – they believe it could compromise their bond of confidentiality with patients – may be pleased the extraction system has failed to work properly.

But their concern about patient confidentiality being compromised will not make the failure of the extraction service any more palatable.

The NAO says it only learned of the failure of the extraction system through its financial audit of the Health and Social Care Information Centre. It learned that the system was not working as expected and that HSCIC had agreed to pay additional charges through a settlement with one of the main suppliers, Atos IT Services UK Ltd.

An NHS Connecting for Health legacy?

Work on the GP Extraction Service project began in 2007, first by the NHS Information Centre, and then by the HSCIC.

The NHS Information Centre closed in 2013 and responsibility transferred to the HSCIC which combines the Department of Health’s informatics functions – previously known as NHS Connecting for Health or CFH – and the former NHS Information Centre.

What went wrong 

The original business case said the extraction service would start in 2009-10, but it took until April 2014 for HSCIC to provide the first data extract to a customer.

Meanwhile other potential users of the system have found alternative sources of patient data in the absence of the HSCIC system.

The NAO says that officials changed the procurement strategy and technical design for the GPES extraction systems during the project. “This contributed to GPES being unable to provide the planned number and range of data extracts.”

The NHS Information Centre contracted with Atos to develop a tool to manage data extraction. In March 2013, the Centre accepted delivery of this system from Atos.

But officials at the HSCIC who took over the system on 1 April 2013 found that it had fundamental design flaws and did not work. “The system test did not reflect the complexity of a ‘real life’ data extract and was not comprehensive enough to identify these problems”.

To work in a ‘real life’ situation, the GPES query system needed to communicate accurately with the four separate extraction systems and other systems relying on its data.  The test officials and Atos agreed was less complex. It did not examine extractions from multiple extraction systems at once.

Nor did the test assess the complete process of extracting and then passing GPES data to third-party systems.

Fixed price and agile – a bad combination

Officials began procuring the GPES query tool in April 2009, using a fixed-price contractual model with ‘agile’ parts. The supplier and officials would agree some of the detailed needs in workshops, after they signed the contract.

But the NAO says there was already evidence in central government at this time that the contractual approach – combining agile with a fixed price – was high risk.

The NAO’s report “Shared Services in the Research Councils”reviewed how research councils had created a shared service centre, where a similarly structured IT contract failed.

In the report, Fujitsu and the shared service centre told the NAO that: “the fixed-rate contract awarded by the project proved to be unsuitable when the customers’ requirements were still unclear.”

The court case of De Beers vs. Atos Origin highlighted a similar failure.

To make matters worse officials relied too heavily on contractors for development and procurement expertise.  And 10 project managers were responsible for GPES between 2008 and 2013.

Once health officials and Atos had signed the query tool contract, they found it difficult to agree the detailed requirements. This delayed development, with Atos needing to start development work while some requirements had yet to be agreed. Officials and Atos agreed to remove some minor components. Others were built but never used by HSCIC.

A Department of Health Gateway 4 review in December 2012 found that difficulties with deciding requirements were possibly exacerbated by development being offshore.

They raised concerns about the project management approach:

“The GPET-Q [query tool] delivery is being project managed using a traditional ‘waterfall’ methodology. Given the degree of bespoke development required and the difficulties with translation of requirements during the elaboration parts of R1, the Review Team considers that, with hindsight, it might have been beneficial to have adopted an Agile Project Management approach instead.”

General Practice Extraction Service – an investigation. NAO report. 

Latest healthcare IT disaster is a reminder of how vital government digital transformation is.

 

Pity the 775 users who use this outsourced council system?

By Tony Collins

Adult care systems are a cinderella IT service for councils.

It’s rare for journalists to write about them, for good or ill, perhaps because they help council staff deal with vulnerable adults. Such systems help with payments to care home and hospice providers. They help staff organise facilities for adults with learning disabilities or dementia, and respite care for adults at risk of abuse.

One such system has 775 users in Somerset. It’s a “critical” application according to the county council there.  The Adults Integrated Solution was originally supplied by Northgate. The system became IBM’s responsibility under a 10-year outsourcing and joint venture, Southwest One.

The latest in a series of excellent reports on the system’s enduring problems by auditors the South West Audit Partnership goes to Somerset County Council’s Audit Committee today (2 July 2015).

How bad is bad?

The report says the system’s response times have been so poor  that audit trails and logs have been disabled. So how can IBM and the council trace and attribute user activity in the system – particularly one handling sensitive and personal data?

The report says this disabling of the audit trial and logs is “worrying”.

Auditors reported on the system’s weaknesses in their 2012/2013 audit report.  Since then there has been only “limited progress” in implementing recommendations, says today’s report.

On some of their priority recommendations, auditors say they have been unable to obtain documentary evidence to support implementation. They have received verbal assurances – but they remain concerned.

The report says that AIS performance and response times “can still be less than adequate for users’ needs” and IBM is unwilling to develop a service level agreement specifically for the AIS application.

Indeed IBM has refused to give the county council a copy of the AIS contract with Northgate and it was not made available to the South West Audit Partnership for its audit of the system.

This may prompt councillors to ask how the council can properly manage a critical application if it has no control over the system or the outsourcer.

Repeated audit reports on the problems appear to have left matters unresolved.

Below are some of the concerns of the South West Audit Partnership as mentioned in its 2012/2013 audit report. It reports today that it has received only “partial” assurances that these problems have been solved.

Applications could be unavailable a month or more

Said the South West Audit Partnership: “We have identified in previous audit reports that there is no tested IT disaster recovery strategy. This is a strategy that would be put into effect in the event the Somerset County Council data centre was unavailable for any reason. Although a contract has been signed with Adam Continuity, applications could still be unavailable for a month or even more.”

No formally-named business system owner

“As of November 2014, Helen Wakeling (AIS System Owner) has left Somerset County Council. The responsibility of AIS system ownership needs to be reassigned and formalised.”

Payments to care providers not properly checked?

“… there does not appear to be a process to ensure payments are authorised, appropriate, complete and accurate…

 

IBM has no contractual duty to provide a good system

“There is no contractual requirement or service level for Southwest One [IBM] to provide a platform that delivers performance and response time that is acceptable to ASC [Adult Social Care] Operations.”

Data validation?

“Data quality in AIS data is undermined by the lack of robust input validation within the AIS application.

“Client records can be created with a minimum of information. Key personal identifiers such as data of birth, NI number and NHS number do not need to be entered and this both increases the risk of duplicate records and provides less data with which to identify those that have been created…”

Is IBM hiding AIS contract from the council?

“Southwest One currently owns the contract with Northgate and would not provide SWAP with a copy. As a result SWAP [South West Audit Partnership] was not able to evaluate Northgate’s compliance with the terms of the contract including licensing requirements…”

Personal data at risk?

“It was noted that developers have access to the production environment, unmasked live production data is used by developers and vendors for testing purposes and desktops are not locked down.”

Potential for fraud?

“In addition the authorise function, a security feature available in AIS has not been implemented resulting in all authorisations occurring outside of AIS. As a result data loss, potential corruption of data, incorrect and potentially fraudulent use of the application, missed, inappropriate or additional payments, will not be identified and acted upon.”

Corrupt data?

“In spite of a recent security incident that appeared to result in some data corruption, there is no reporting in place or review of user, super user or generic user access for appropriateness.”

Can former staff still log on?

“Terminated users were identified with valid AIS access credentials. Just less than 10% of managers with access were found to be no longer employed. In addition user ids are not disabled after not being used for a period of time.”

Unattended screens?

“The time-out for the application is 1 hour. Although users typically leave the application on and lock the screen when they go out to lunch, this process is inefficient, leaving sessions unavailable for others and insecure, since the user could forget to lock their screen and allow bypass of all security.”

System security?

“We also identified in our capacity management audit that desktop lock-down is not in effect and as a result AIS data can be downloaded and copied to USB flash storage. SWAP recommended data security policies be developed and implemented …”

**

Dave Orr who has followed events at Somerset closely since the county council signed the Southwest One contract in 2007 has written to audit committee councillors about the AIS system.

One of his questions is how the council could have transferred a critical application to IBM without its being protected by any specific service level agreement.

Orr says: “I do not believe that an in-house IT service, with a head of IT in the direct employ of this council, would be allowed to leave these serious shortcomings in performance, audit logging and disaster recovery unaddressed.”

Comment

So much for the claims back in 2007, when the council and IBM formed Southwest One, that the services would be “beyond excellence”.

If this is the worst outsourced system in the UK where does that leave the 775 council users who no doubt are trying to do their best for the vulnerable adults in their community?

Thank you to Dave Orr for providing the information on which this article is based.

Universal Credit at “amber/red” says latest DWP report

By Tony Collins

The Major Projects Authority, which is part of the Cabinet Office’s Efficiency and Reform Group, has today published its annual report on 188 projects including Universal Credit, about which it makes only positive comments.

But the authority’s annual report is, it appears, economical with the actualité. At the same time as the MPA published the report, the Department for Work and Pensions published a spreadsheet with statistics and its own narrative on the state of its major projects including the Universal Credit programme.

The spreadsheet said that the UC programme had an “amber/red” rating – but neither the MPA nor the Department for Work and Pensions has given the MPA’s reasons for the rating.

At the request of permanent secretaries the MPA has agreed not to publish its comments on the traffic light status of certain projects, including Universal Credit. The MPA and the Cabinet Office have agreed to allow officials in each departmental to give their own narrative to explain the traffic light status of their projects.

So the DWP, on its website, gives a summary of the state of its major projects, but its narrative on Universal Credit says nothing about the programme’s problems. Neither is there any of the MPA’s recommendations which related to the “amber/red” rating.

In a further shrinking from openness, the MPA and Cabinet Office have agreed with permanent secretaries that the traffic light status of major projects will be published only when they are out of date. So the “amber/red” rating on Universal Credit, although published today, is dated September 2014.

Comment

It is odd in a modern democracy that a large central government department – the DWP – can spend £330m on the IT for a major project and get away with publishing such obviously contradictory information on the scheme.

On the one hand the MPA, the Cabinet Office and the DWP publish only positive comments about progress on the Universal Credit programme.

These are some of the MPA’s comments on Universal Credit:

“Delivery remains on track against plans announced in September 2014. Additionally the Programme has brought forward testing of initiatives from which the programme can learn including the:

• Continued trialling of Universal Support in partnership areas to ensure the right integrated local foundations are in place to support UC expansion.

• Extending In work progression trials to help households increase their earnings once they have found work. • Extending the role of UC Work Coaches to engage with households at their work search interview to assess financial capability.”

Similarly the DWP’s comments in its spreadsheet on the status of its major projects reads like a government press release. Why was one of the government’s major projects – the whole life project costs of UC are estimated at £15.8bn – given an amber/red status?

We don’t know. Except we know that the MPA gives an amber/red rating when it regards a programme as not on track – a programme that needs an assurance and action plan to improve confidence in delivery. Why is the programme not on track? What does the assurance and action plan say? What is the rating today?

So much for open government. Indeed the DWP’s external lawyers are going to an FOI tribunal in London next month as part of a long legal battle to stop four old reports on Universal Credit being published.

Any ministerial announcements about open government in future should, perhaps, take this unedifying FOI episode into account.

Major Projects Authority annual report 2014/2015

Do IDS and Universal Credit deserve such good publicity?

By Tony Collins

Iain DuncanSmith

One of the unwritten conventions in journalism is that is you don’t give bad publicity to a minister who gives you an exclusive interview.

Iain Duncan Smith has given an exclusive interview to the Huffington Post, one of the world’s top-ranking news websites, and it is, perhaps, no surprise that the subsequent headline says:

Iain Duncan Smith Welcomes Record Universal Credit Applications.”

That’s great news. Is the UC programme out of trouble? Are the IT
problems that were imposing artificially low limits on the number and type of claimants – such as incorrect calculations of payments – confined to history?

At one point you could not claim UC as a single person or a couple if you received Jobseeker’s Allowance, Employment and Support Allowance, Income Support, Incapacity Benefit, Severe Disablement Allowance, Disability Living Allowance or Personal Independence Payment.

universal creditYou could not claim if you owned, or partly owned, your home, were homeless, or in supported or temporary accommodation.  You could not claim if you worked but earned more than £330 a month. You could not claim if pregnant,  had disabled, adopted or fostered children.

So are the brakes off now?

The Huffington Post said:

“According to the Department of Work and Pensions (DWP), in May over 3,800 new applications were made a week for the government’s new benefit system.”

That sounds a lot. A record indeed. But a close analysis of the numbers successfully claiming UC shows that since a national roll-out of UC began in February 2015 – amid much good publicity – the increase has been small.

It appears that the UC programme’s costly IT – an investment of £344m by 31 October 2014 (Appendix f) – is still limiting the number of claimants.

dwpThis raises the question of whether the DWP’s publicity machine, with IDS at the helm, has such an influence on the media that it is able to successfully propagate its own message in the face of inconvenient facts.

This was BBC Online’s headline in February 2015: Universal Credit roll-out £600m under budget”

The Sunday Times declared that Universal Credit “is working”. The Telegraph also said that UC is working.

The facts 

The DWP’s plan is for 7 million people to claim UC but the latest figures show that the total number of claimants who had made a successful claim up to 14 May 2015 was 74,120.

This is about 1% of those potentially eligible to claim UC – 25 months after the scheme was launched in April 2013.

Has the number of claimants increased substantially since the national roll-out began in February 2015?

Before the start of the national roll-out about 35,000 people had successfully made a UC claim up to 8 January 2015. There had been an average of 2,325 new claims per week at 96 Jobcentre Plus offices.

Three months after the start of the national roll-out about 74,120 people had successfully claimed UC up to 14 May 2015. There were an average of 3,550 new claims per week at 278 Jobcentre Plus offices.

Rapid pace?

The DWP says on its website:

“Since national roll-out the rate of claims has been increasing at a rapid pace”.

But is this the case?

The number of successful UC claimants has more than doubled since the national roll-out began but the number of Jobcentre Plus offices where UC has launched have nearly tripled in the same period, from 96 in January 2015 to 278 by 14 May 2015.

And the total number of successful claimants remains tiny relative to the potential number of claimants although the DWP says it has expanded eligibility to claim UC from single people to couples and families.

According to the National Audit Office in November 2014, the DWP estimated that around 500,000 claimants would receive Universal Credit by mid‑2016. This target will not be hit at the present rate of successful claimant applications.

Comment

IDS welcomes record numbers of UC applications says the Huffington Post headline.  But almost every week there will be record numbers claiming UC.

That is the nature of a national roll-out:  numbers increase – even by small amounts. The number of applications will continually break records while the roll-out continues during 2015 and 2016.

No doubt IDS and the DWP will continue to seek a succession of media articles on the record number of UC applications. Only this week the DWP announced that UC is rolling out to 10 more jobcentres across England, Scotland and Wales.

Will the media always react complaisantly?

If it does it will be a pity – because MPs may stop asking questions about value for money in the context of the tens,  indeed hundreds, of millions being spent on UC technology with the usual major suppliers.

And if the IT and business change challenges continue to limit the number and type of applications, the total numbers of successful claimants at the end of the national roll-out could be embarrassingly tiny relative to the 7 million potential claimants – not that the DWP’s publicity machine will mind.

The machine will find a new way to sail around the facts. That’s what the DWP’s senior officials seem to believe that government PR staff exist to do.

Universal Credit statistics

Iain Duncan Smith welcome record Universal Credit applications – Huffington Post

DWP’s announcement of the national roll-out of UC

65,000 people claiming Universal Credit

What do Ben Bradshaw, Caroline Flint and Andy Burnham have in common?

By Tony Collins

Ben Bradshaw, Caroline Flint and Andy Burnham have in common in their political past something they probably wouldn’t care to draw attention to as they battle for roles in the Labour leadership.

Few people will remember that Bradshaw, Flint and Burnham were advocates – indeed staunch defenders – of what’s arguably the biggest IT-related failure of all time – the £10bn National Programme for IT [NPfIT.

Perhaps it’s unfair to mention their support for such a massive failure at the time of the leadership election.

A counter argument is that politicians should be held to account at some point for public statements they have made in Parliament in defence of a major project – in this case the largest non-military IT-related programme in the world – that many inside and outside the NHS recognised was fundamentally flawed from its outset in 2003.

Bradshaw, Flint and Burnham did concede in their NPfIT-related statements to the House of Commons that the national programme for IT had its flaws, but still they gave it their strong support and continued to attack the programme’s critics.

The following are examples of statements made by Bradshaw, Flint and Burnham in the House of Commons in support of the NPfIT, which was later abandoned.

Bradshaw, then health minister in charge of the NPfIT,  told the House of Commons in February 2008:

“We accept that there have been delays, not only in the roll-out of summary care records, but in the whole NHS IT programme.

“It is important to put on record that those delays were not because of problems with supply, delivery or systems, but pretty much entirely because we took extra time to consult on and try to address record safety and patient confidentiality, and we were absolutely right to do so…

“The health service is moving from being an organisation with fragmented or incomplete information systems to a position where national systems are integrated, record keeping is digital, patients have unprecedented access to their personal health records and health professionals will have the right information at the right time about the right patient.

“As the Health Committee has recognised in its report, the roll-out of new IT systems will save time and money for the NHS and staff, save lives and improve patient care.”

[Even today, 12 years after the launch of the National Programme for IT, the NHS does not have integrated digital records.]

Caroline Flint, then health minister in charge of the NPfIT,  told the House of Commons on 6 June 2007:

“… it is lamentable that a programme that is focused on the delivery of safer and more efficient health care in the NHS in England has been politicised and attacked for short-term partisan gain when, in fact, it is to the benefit of everyone using the NHS in England that the programme is provided with the necessary resources and support to achieve the aims that Conservative Members have acknowledged that they agree with…

“Owing to delays in some areas of the programme, far from it being overspent, there is an underspend, which is perhaps unique for a large IT programme.

“The contracts that were ably put in place in 2003 mean that committed payments are not made to suppliers until delivery has been accepted 45 days after “go live” by end-users.

“We have made advance payments to a number of suppliers to provide efficient financing mechanisms for their work in progress. However, it should be noted that the financing risk has remained with the suppliers and that guarantees for any advance payments have been made by the suppliers to the Government…

“The national programme for IT in the NHS has successfully transferred the financing and completion risk to its suppliers…”

Andy Burnham, then Health Secretary, told the House of Commons on 7 December 2009:

“He [Andrew Lansley] seems to reject the benefits of a national system across the NHS, but we do not. We believe that there are significant benefits from a national health service having a programme of IT that can link up clinicians across the system. We further believe that it is safer for patients if their records can be accessed across the system…” [which hasn’t happened].

Abandoned NHS IT plan has cost £10bn so far

New national e-Referral Service “unavailable until further notice”

By Tony Collins

The NHS e-Referral Service which launched nationally on Monday was “unavailable until further notice”, the Health and Social Care Information Centre said at 9.30am today.

“Due to issues experienced overnight the NHS e-Referral Service is unavailable until further notice while essential maintenance is performed. If you have local business continuity processes available, we recommend that you consider invoking them,” says the HSCIC on its website.

“We are working hard to resolve these issues as quickly as possible and to keep disruption to a minimum… We apologise for the disruption caused to some users and thank everyone for their patience.”

Late yesterday afternoon the Health and Social Care Information Centre warned GPs and other users of its e-Referral Service that technical problems were continuing.

The difficulties have aggravated cynicism in the GP community about the ability of centrally-based officials to implement national IT systems.

Is it too soon to question whether e-Referrals is the first IT disaster of the new government? There is also the question of whether GPs have been used as guinea pigs to test for problems with the new system.

Until the service went down GPs were in any case unable to log in or were experiencing long delays in arranging referrals. Some reverted to sending letters by post – or always did use the post and avoided the NPfIT Choose and Book system which e-Referral is replacing.

Fewer than 60% of GPs used Choose and Book to hospital appointments for patients.

On its website at 17.30 yesterday the HSCIC said:

“PLEASE PASS THIS ON TO COLLEAGUES WHO USE THE NHS e-REFERRAL SERVICE

“The NHS e-Referral Service has been used by patients and professionals today to complete bookings and referrals comparable with the number on a typical Tuesday but we were continuing to see on-going performance and stability issues after yesterday’s fixes.

“We suspend access to the system at lunchtime today to implement another fix and this improved performance and stability in the afternoon.

“We are continuing to monitor the service and will implement further fixes if required. If users notice any further issues they should log them with their local service desk in the usual way…

“We apologise for the disruption caused to some users and thank everyone for their patience.

Update 14.00 17 June

The Health and Social Care Information Centre said the e-Referral Service was still down.

“HSCIC are completing the final stage of testing a number of fixes to the NHS e-Referrals Service. It is hoped that the service will be available again later today. A further update will be issued at 15:00 today.”

Update 18.00 17 June

Said the HSCIC:

“The NHS e-Referrals Service is now available again. We apologise for the disruption caused to users and thank everyone for their patience.

Update 15.00 18 June – ongoing problems

“Yesterday’s outage enabled us to  implement a number of improvements and hopefully this is reflected in your user experience today,” said HSCIC’s website.

“This morning users reported that there were ongoing performance issues so work has now taken place to implement changes to the configuration to the NHS e-Referral Service hardware and we are currently monitoring closely to see if this resolved the issue.”