Post Office Horizon IT and last night’s Panorama

By Tony Collins

Below are excerpts from last night’s Panorama documentary [17 August 2015] on the Post Office Horizon system and complaints by about 150 subpostmasters.

panorama imageReporter John Sweeney met postmasters who said they should not have gone to jail. He also interviewed a former Fujitsu technician who said the system might have had something to do with it.

The programme asked whether innocents have gone to jail.

Sweeney: “There’s been a bit of a crime wave sweeping middle England. But have no fear. The Post Office is on the case.” He said it has caught dozens of postmasters with their hands in the till, including Jo Hamilton who stole £36,000. Or so the Post Office said. “She is no longer a postmistress. She cares for her elderly parents. Career options are limited for convicted criminals.”

Sweeney asked Hamilton: have you got a long history of committing crime?

Hamilton (a postmistress between 2003 and 2006). No. I haven’t even had a parking ticket.

Sweeney: Have you ever done anything?

Hamilton: No.

Shoplifter?

“No.”

Sweeney met Hampshire villagers who, in the grounds of Hamilton’s local church, spoke about their respect for her. The vicar said: “She is a good hard-working honest woman. She is a woman of integrity.”

Another villager: “Jo Hamilton is an honest shopkeeper. Not a very good business person – far too kind to people.” A third: “She is one of the kindest people I know.”

When Hamilton was taken to court, the village came too. Her family and 74 people from the village filled the public gallery. “The judge, I don’t think, quite believed what he was seeing,” said Hamilton.

She found herself in the dock when an audit discovered a £36,000 shortfall. The Post Office charged her with theft and false accounting. But, said Sweeney, there was no direct evidence of theft. “The case against her relied on the Post Office’s computer system Horizon.”

post boxIntroduced in 1999 Horizon handled 6 million transactions a day, from selling dollars to issuing a fishing licence.

Sweeney interviewed Charles McLachlan, a computer expert who said that the Post Office has many more branches than any UK bank.

McLachlan: “Any computer system can go wrong. What’s important is the way that you deal with things when they do go wrong.”

Sometimes Horizon transactions go astray, said Sweeney. “And that can make it look as if there is cash missing. The postmaster using the computer can make mistakes too. Usually errors like these are spotted and corrected. But Jo Hamilton found Horizon difficult to operate. When she reckoned up, the computer kept saying that cash was missing.”

Jo Hamilton

Jo Hamilton

Said Hamilton: “I rang the helpdesk and said ‘I am £2,000 down’ and she said: ‘You can do this, this and this. I did exactly what she said, and it doubled what I’d rung her up about, so then I was £4,000 down. “

Under her contract, Hamilton had to pay back any shortfalls. But the losses continued. She stopped putting in her own cash and signed off the official accounts anyway, without declaring the missing money.

Sweeney: Why on earth did you do that?

“Because I didn’t know how to get out of the situation I was in. It was such a big amount of money that I knew it would finish the shop off. And I always thought one day, naively, that it would sort itself out. You press a button and ‘bing’ – there it will be.”

She pleaded guilty to false accounting and agreed to pay the Post Office the missing £36,000. In return the theft charge was dropped. The deal kept her out of jail. But what if the computer was part of the problem?

James Arbuthnot, a campaigning MP who stood down at the last election, told Sweeney: “ I don’t think it is a criminal act which she [Hamilton] committed. I think it’s much more likely to have been a fault in the computer itself. The fact that she was pressurised into admitting a criminal act doesn’t mean this miscarriage of justice should stand. It needs to be overturned.”

Hamilton said the Post Office told her that she was the only postmaster having problems with Horizon.

Sweeney: That wasn’t true. 150 postmasters formally complained about the problems they were having with Horizon.

Institutional blindness?

Ian Henderson Second SightThe Post Office commissioned forensic accountants Second Sight to investigate the complaints about Horizon. A Second Sight investigator Ian Henderson, in his first interview, told Sweeney:

“Horizon works reasonably well if not very well most of the time. In any large IT system it is inevitable that problems will occur. What seems to have gone wrong within the Post Office is a failure to investigate properly and in detail cases where those problems occurred. It’s almost like institutional blindness.”

The Post Office has its own investigators and it brings its own prosecutions. It doesn’t have to go through the police or the Crown Prosecution Service.

Professor Mark Button, criminal justice expert said, “The Police’s work is checked by an independent organisation, the Crown Prosecution Service. In the Post Office’s situation you have the prosecutors and the investigators all working for the same organisation. It becomes much more difficult to truly separate those functions. With the Post Office that creates potential risks of miscarriages of justice.”

The Post Office said it complies with all legal requirements and has a duty to protect public money. It said it only prosecutes where there is a realistic prospect of conviction and never for the making of innocent mistakes. It said its exhaustive investigations have provided overwhelming evidence that Horizon was not responsible for missing money.

Sweeney interviewed Noel Thomas, who was an Anglesey postmaster between 1994-2005. Said Thomas, “I felt I had been a loyal servant as a postmaster and a postman before that. I started in 1965. Happy memories. “

The Post Office had a problem at the branch in 1996. “I was running another Post Office at the time in the middle of the island. I was called back and they said there was money missing from the office.”

Sweeney: “£11,000 had gone. A member of staff was sacked and Noel agreed to pay back the cash. All was well until Horizon arrived. It kept saying money was missing so Noel phoned the helpline.”

Thomas: “I said I am positive there is something wrong with the computer system because this money is disappearing. “

Sweeney: So you said to the Post Office, ‘Is there a problem with the Horizon system?’ What was their answer?

Thomas: “They said ‘none’ – that I was the only person who had a problem.”

Thomas signed off his branch accounts without declaring the missing money. When the Post Office came for an audit, he was £50,000 short. “They don’t know where the money is. I don’t know where the money is and still they haven’t found the money. I haven’t got it.”

Sweeney: Did you steal it?

No.

Can you prove you didn’t steal it?

“My style of living. I had a secondhand Saab. If I had pinched that kind of money I would have had a better car than that, believe you me. I lived a decent life. I worked hard. My wife worked hard.”

Thomas was charged with theft and false accounting. Like Jo Hamilton he said he reached a deal before going to court. He pleaded guilty to false accounting and the theft charge was dropped.

Thomas: “My barrister said you have got to plead guilty to false accounting.”

He hoped the deal would keep him out of jail when he was sentenced. “The judge came in and he said ‘nine months’ and I waited for a suspended sentence and he said ‘take him down’. I spent my 60th birthday in prison.”

But should he have been charged with theft in the first place?

Sweeney: “In paperwork was have obtained, the Post Office now says that although theft by Noel – or somebody else – can’t be ruled out, it accepts that the missing money was probably caused by ‘operational errors’.

The Post Office told Panorama it could not comment on individual cases because of confidentiality. It said Horizon is effective and robust, and is independently audited. It has been used by nearly 500,000 people and the overwhelming majority haven’t complained.

Arbuthnot believes the Post Office has unfairly prosecuted postmasters. “It’s certainly an abuse of power. It’s a big organisation bullying individuals with no ability to cope, in ways which sometimes see them sent to prison, made bankrupt, or lose their livelihood. We own this organisation. That it is behaving in this way is disgusting.”

The Post Office said it is not a bullying organisation and it has seen no evidence of miscarriages of justice. But something seems to have changed, said Sweeney. “In the 5 years up to 2014, the Post Office prosecuted an average of 33 postmasters a year. Last year it was 2.

“These prosecutions often rely heavily on the computer being right. So Horizon has to work properly. But if it doesn’t fire on all cylinders it might not be a reliable witness. Second Sight reported that bugs in the computer system had created cash shortfalls.

Henderson: “The Post Office disclosed to us 2 software bugs that had quite a significant impact on a number of branches and it took in one case over 12 months for those bugs to be detected and for the consequences to be appreciated.”

Former Fujitsu insider

Horizon is run by computer giant Fujitsu.

Sweeney: “It won’t talk about the system about it doesn’t comment on the specifics of customer contracts. But now for the first time a former insider has agreed to speak out. He says that errors on Horizon were far more widespread than has ever been reported. “

richard roll FujitsuRichard Roll, a Fujitsu computer technician between 2001-2004, told Panorama, “The office is located in Bracknell. We were on the 6th floor … there was a large team employed there… we were all full time. We were all pretty busy … a lot of errors, a lot of glitches coming through.

Sweeney: There were errors in the system?

Roll: “There were errors with the system.”

Sweeney: Some people have been ruined financially. People have gone to prison. Is it possible that suffering could have been caused because there are problems in the Horizon system?

“Yes, it is possible.”

A team of computer technicians was dealing with Horizon errors, some of which, according to Roll, could create false losses. He said that financial records were sometimes changed remotely, without the postmaster’s knowing, which the Post office has always said cannot happen.

Roll said it was possible to go “in through the back door” and make changes. He added: “Sometimes you’d be putting several lines of code in at a time. If we hadn’t done that then the counters would have stopped working.”

Sweeney: So what the Post Office are saying is untrue?

“From my perspective, yes.”

Sweeney said Roll’s evidence could call into question the reliability of the computer records. If financial data could be changed, without the knowledge of the postmaster, is it safe to rely upon the computer’s evidence?

The Post Office said it cannot edit transactions as recorded by branches and that any corrections would be shown transparently in the records. It said there was overwhelming evidence that losses were caused by user actions, including deliberate dishonest conduct.

But Horizon seems to escape scrutiny, said Sweeney. Thomas’s computers were removed and tested. But the results have now been lost. Thomas: “The Post Office said in a letter to me that they had sent them to Fujitsu for testing, and they had lost, or couldn’t find, the correspondence.”

In Jo Hamilton’s case, as well as paying back the missing money, she also had to agree not to blame Horizon. Knowing what you know now, would you have done what you did, asked Sweeney.

Hamilton: “No.I would have pleaded not guilty to theft and carried it all the way and said,’well you prove it then’. That’s what you do. You force them into court and make them produce evidence.”

Is Horizon ever on trial?

But even if a theft case goes to trial, is Horizon fully investigated?

The Post Office prosecuted Seema Misra who was a postmistress between 2005-2008 for theft and false accounting. She and her husband had invested £200,000 in their shop and post office. She struggled to get to grips with Horizon.

“When things went wrong we were told it is just you,” she said.

The Post Office gave extra training but she and her staff made dozens of calls to the Horizon helpline. The system kept showing cash shortfalls. To cut the losses she put in £20,000 of her family’s money.

Eventually, like Jo Hamilton and Noel Thomas, she signed off her accounts saying there was more cash in the till than was really there. When the Post Office audited her branch, £75,000 was missing.

She pleaded guilty to false accounting and not guilty to theft. This time the Post Office pressed ahead with the theft charges.

Sweeney: You didn’t steal a penny?

No.

So you say.

No. That is why I pleaded not guilty – so I can get justice. I haven’t taken any money. That is why I went to a trial.”

Again there was no direct evidence of theft, said Sweeney. Misra said initially that the missing money must have been lost or stolen by staff. Then, just before the trial, she heard about problems with Horizon. It became part of her defence but it didn’t convince the jury.

In tears she told Sweeney: “There is no evidence that I have taken any money and then the jury came back with the verdict guilty.”

What was your sentence?

15 months.

What was prison like?

Terrible. Terrible. It was like a nightmare. At one point I was thinking I am not going to get out of here alive.

Sweeney said that Seema Misra was jailed as a thief. “But was the star witness for the prosecution – the computer – ever properly cross examined? The expert witness for the defence doesn’t think so.”

Charles McLachlan, expert witness for Misra’s defence, said. “When I spoke to one of the Post Office investigators in relation to Seema Misra, they said that as a matter of policy, they would never consider an IT error, a computer error, as a source of discrepancy.”

Post Office and Fujitsu meeting

Misra’s jury heard about one bug in Horizon but there was no mention of any others, said Sweeney.

“Now we have details of a meeting between the Post Office and Fujitsu, held before Seema’s trial. The minutes warn of another computer bug that could cause loss of confidence in the Horizon system if widely known. The bug made money disappear. This minute goes on to say that this bug could ‘impact on ongoing legal cases where branches are disputing the integrity of Horizon data.’

“The bug did not affect Seema’s branch but it is evidence that Horizon can go wrong. So why didn’t it come out at Seema’s trial? The defence expert asked to see the technical logs of Horizon problems but they were not disclosed to him.

McLachlan: “It’s difficult for me to see how a jury could properly take a view about Seema’s guilt or innocence if they didn’t have access to an understanding of other the faults in the system.”

The jury convicted Misra unanimously but did she get a fair trial?

Sweeney: The Post Office still maintains Seema is a thief. It says it always discloses relevant documents even after a prosecution has concluded. The Post Office says that Second Sight has not identified any transaction that has been caused by a technical fault which resulted in a postmaster wrongly being held responsible for a loss.

Vindicated?

Second Sight sent its final case report to postmasters who had complained about Horizon. In the report Hamilton read notes from the original Post Office prosecution file against her, dated 17 May 2006.

Hamilton: “It says that having analysed the Horizon printout and accounting documentation, I was unable to find any evidence of theft.”

So the Post Office’s criminal investigator had found no evidence of theft. Pointing to the investigator’s notes Hamilton said, “That says there is no evidence of theft and yet they charged me with it.”

Sweeney: What does this document do for you?

“Well it vindicates everything we have been saying all the years. It means we can take the fight to them.”

Sweeney also had Post Office paperwork that suggested a theft charge made it easier to recover money.

The Post Office denied bringing prosecutions for financial reasons and said that losses and false accounting together are often sufficient evidence for a theft charge. It said false accounting can contribute towards branch losses by making it impossible to spot discrepancies. The Post Office wholly rejects the extremely serious but unsubstantiated allegations.

A new investigation

The Criminal Cases Review Commission is now investigating the convictions of 20 postmasters to see whether miscarriages of justice have occurred, among them the three cases in the Panorama programme. The sense of injustice is growing and the postmasters are determined to clear their name.

Hamilton: “We are not going to stop until they actually address what they have done and be held to account for what they have done.”

Sweeney’s concluding point: “The question now being asked is not who stole the money, but, in the first place, was there was a crime?”

Post Office response to Panorama

The Post Office wholly rejects extremely serious allegations repeated in BBC’s Panorama programme of 17 August 2015. The allegations are based on partial, selective and misleading information.

The Post Office does not prosecute people for making innocent mistakes and never has.

There is no evidence that faults with the computer system caused money to go missing at these Post Office branches .

There is evidence that user actions, including dishonest conduct, were responsible for missing money.

We are sorry if a small number of people feel they have not been treated fairly in the past but we have gone to enormous lengths to re-investigate their cases, doing everything and more than we committed to do.

All of the allegations presented in the programme have been exhaustively investigated and tested by the Post Office and various specialists over the past three years or more.   The unsubstantiated claims and theories that continue to be levelled against the Post Office are at odds with the facts and are constructed from highly partial, selective and inaccurate information.

This is about individual cases and the Post Office will not discuss those in public for very good reason.  The Criminal Cases Review Commission (CCRC) is reviewing a small number of cases involving criminal convictions. It will be provided with all available information including confidential legal material not available to others and we believe the CCRC should be allowed to complete its reviews without external comment.  We also gave a commitment of confidentiality to people who put forward cases to us for re-investigation.

The Horizon computer system is robust and effective in dealing with the six million transactions put through the system every day by our postmasters and employees at 11,500 Post Office branches. It is independently audited and meets or exceeds industry accreditations.

Background facts

Prosecutions

The Post Office has always taken its duty to act fairly, proportionately and with the public interest in mind extremely seriously.  The Prosecutions it brings are scrutinised by defence lawyers before they advise their clients and are, ultimately, ruled upon by the courts.

If money is missing from a Post Office branch and the fact that cash is missing has been dishonestly disguised by falsifying figures in the branch accounts, the Post Office is entitled to take action and does so based on the facts and circumstances of that specific case. Though rare, where there is evidence of criminal conduct, a decision may be made to prosecute.

Prosecutions are brought to determine whether there was criminal conduct in a branch, not for the Post Office’s financial considerations.

Post Office prosecutors are all experienced criminal lawyers, many of whom have significant experience in prosecuting for both Post Office and the Crown Prosecution Service.   In the rare instances that prosecutions are undertaken, the Post Office follows the Code for Crown Prosecutors (the same code as the Crown Prosecution Service).  The Code requires a prosecution to have sufficient evidence and be in the public interest, both of which are kept under review right up to and including any trial.   It means there must be sufficient evidence foreach charge – if a theft charge is brought, there must be sufficient evidence for a realistic prospect of a conviction for theft.

A charge upon which there is no evidence will inevitably fail. It is the duty of the defence lawyers to identify to the court where there is insufficient evidence to sustain a charge.  If the court agrees then the Judge must dismiss that charge.

The Post Office takes extremely seriously any allegation that there may have been a miscarriage of justice. We have seen no evidence to support this allegation.   The Post Office has a continuing duty after a prosecution has concluded to disclose any information that subsequently comes to light which might undermine its prosecution  or support the case of the defendant and continues to act in compliance with that duty.

The Horizon Computer System

Horizon is robust and effective in dealing with the six million transactions put through the system every day by our postmasters and employees at 11,500 Post Office branches. It is independently audited and meets or exceeds industry accreditations.   There have been 500,000 users of the system since it was introduced.

Nevertheless, rigorous re-investigations were undertaken into claims made by 136 mainly former postmasters that the system caused losses in their branches.

There is overwhelming evidence that the losses complained of were caused by user actions, including in some cases deliberate dishonest conduct. The investigations have not identified any transaction caused by a technical fault in Horizon which resulted in a postmaster wrongly being held responsible for a loss of money.

There is also no evidence of transactions recorded by branches being altered through ‘remote access’ to the system.  Transactions as they are recorded by branches cannot be edited and the Panorama programme did not show anything that contradicts this.

Resolution of cases

The Post Office was approached in 2012 by a small number of largely former Postmasters and MPs with the concern that faults in the Horizon computer system had caused losses at their Post Office branches.

In response the Post Office set up an independent inquiry and, when that found nothing wrong with the system, established a scheme to enable people to put forward individual complaints, providing financial support to those making claims so that they could obtain independent professional advice.

There were 150 cases put forward, 43 of which involved criminal convictions.

A number of the cases are now resolved, through mediation or otherwise, and the remainder of cases where the courts have not previously ruled have been put forward for mediation.

Mediation is overseen by the Centre for Effective Dispute Resolution (CEDR), an established leading and entirely independent organisation.   Those who have been offered mediation can still exercise their available rights if mediation is not successful – mediation itself doesn’t stop that.

Mediation cannot overturn a previous court ruling – only the courts can do so.

Trouble at the Post Office – Panorama

Operational errors could have caused loss at Post Office – BBC

Post Office’s Horizon IT and tonight’s BBC Panorama

By Tony Collins

This evening BBC1 is due to broadcast a Panorama [7.30pm] on the Post Office’s Horizon IT system and complaints by more than 100 subpostmasters.

The Radio Times says of the programme:

“Dozens of sub-postmasters have been prosecuted after their computers showed that money had gone missing, but could there be other explanations for the cash shortfalls? John Sweeney meets a whistleblower who says there were problems with the IT system, and also investigates claims that the Post Office charged some with theft even when the evidence didn’t stack up.”

John Sweeney is one of the most dogged reporters in TV. Another journalist Nick Wallis helped in the making of the programme. He has already presented short documentaries on the Horizon system and the complaints of subpostmasters on BBC’s “One” programme.

The broadcast is likely to add weight to a Parliamentary campaign for justice for subpostmasters who have been made bankrupt, lost their homes and livelihoods, gone to jail or had to pay to the Post Office tens of thousands of pounds the Horizon system said they owed.

The Post Office says that exhaustive investigations have shown there is no systemic fault with Horizon.

Last month the PO urged aggrieved subpostmasters to “engage” with its mediation scheme. But the campaigning group the “Justice for Subpostmasters Alliance” says that it is “not aware of a single case that has been to a Mediation meeting where the applicant has been the slightest bit happy with the outcome, or that the meeting brought resolution between the two parties, which was the stated aim of the Scheme”.

It adds that the Alliance is “aware of a number of cases that have been to Mediation meetings where the applicants have been left distraught and angry at Post Office’s unwillingness to listen or even consider the issues that they have raised”.

The PO says it acknowledges that the mediation scheme has “taken longer than all those involved would have liked”. It adds in an email to subpostmasters: “However, we do now have the opportunity to sit down with you and your professional adviser if you have one, to discuss your complaint in detail and look forward to the opportunity to do so”.

Comment

BBC2 has been running a series on the Post Office, “Signed, Sealed, Delivered – inside the Post Office” which was filmed with the PO’s co-operation.

In part it shows the PO’s difficulties trying to recruit subpostmasters for local post offices that may otherwise face closure. The government has said the Post Office must keep all of its 11,500 branches open. Not allowing a single branch to close is a huge challenge for the Post Office.

Now another part of the BBC is due to broadcast a Panorama programme on how some subpostmasters have had their lives ruined when they have run into difficulties that involve the Horizon system.

Are those difficulties one reason the PO is struggling to recruit 600 subpostmasters to keep some local post offices alive?

The pressure on the PO to take unambiguous action to right the perception of a massive injustice is growing. Aside from the bad publicity, and the campaign for justice led by MPs, next month a tribunal is due to take place of Fozia Rashid who claims she was sacked from the Post Office’s Knaresborough High Street branch, in July 2013, after witnessing and attempting to report a series of criminal activities, including potential institutional fraud and errors in the Horizon software. Her hearing starts on 3 September 2015 in Leeds.

She says on Twitter that the Post Office has made her offers to settle. Any publicity of the case is unlikely to make it easier for the Post Office to recruit more subpostmasters.

When will the PO accept that more than 100 people, many of whom signed up in search of an idyllic village life running a local post office,  cannot all have been dishonest and were likely victims of circumstances beyond their control?

Tonight’s Panorama is well worth watching.

Jailed and bankrupt because of “unfit” IT?

Post Office looking to replace Horizon? – Computer Weekly

Decent lives destroyed by the Post Office? – Daily Mail

Post Office “failings” over cash shortage investigations – BBC

MPs attack Post Office subpostmaster mediation scheme

Justice for Subpostmasters Alliance

DWP fraud and mistakes cost an estimated £3.2bn – despite new HMRC data links

By Tony Collins

The Department for Work and Pensions’ auditors have qualified the department’s latest accounts for the 26th year in a row because of “unacceptably high” fraud and mistakes.

The high level of fraud and error is despite the DWP’s now being able to check every claimant’s benefit entitlements – particularly inconsistencies in earnings – through HMRC’s real-time information [RTI] tax system.

In 2014-15, the DWP carried out a bulk exercise to match RTI data against the DWP’s benefits information. The DWP uses RTI data to provide information on earnings as part of the calculation of claimants’ Universal Credit entitlement.

The National Audit Office, in today’s report on the DWP’s 2014-15 accounts, says that misreporting and incorrect processing of income and are responsible for estimated losses in 2014-15 of £1.12bn

A further £340m is lost through undisclosed and incorrect processing of data on living arrangements.

The DWP is the same department that’s pouring money into a protracted FOI legal battle to stop four reports on Universal Credit being published on the basis that their disclosure could affect the DWP’s “effective management of public affairs”.

The DWP publishes none of the reports on the progress or otherwise of its major projects and programmes.

One question is, in the light of the DWP’s repeatedly qualified accounts, whether the department’s officials are better or worse off running their affairs in an atmosphere of great secrecy.

Would the DWP’s senior management be able to manage the business better – and particularly the Universal Credit IT programme – if they had to publish their commissioned reports on major projects?

The added external scrutiny of business partners – including local authorities – plus MPs, journalists and the public could give extra force to attempts within the department to manage affairs more professionally.

Such is the DWP’s detachment from external scrutiny that its managers are legitimately able to decide to avoid measuring the Personal Independence Payment for fraud and error until 2016-17.

Some may wonder how any major organisation can delay measuring a major part of its business for fraud and error.

Says Amyas Morse, head of the NAO:

“We believe that the absence of up-to-date information on error rates in such a large benefit stream creates a risk that the Department is making decisions based on out-of-date measurements.”

He adds:

“Furthermore, some smaller value benefits have never undergone a (fraud and error) measurement exercise.”

Morse says the accounts DWP’s have been qualified because of the “unacceptably high level of fraud and error in benefit expenditure, other than State Pension where the level of fraud and error is lower”.

He says the accounts of the DWP and those of predecessor departments administering welfare spending, have been similarly qualified each year since 1988-89.

The DWP estimates total overpayments due to fraud and error in 2014-15 to be £3.2bn, which is 1.9%  of the total forecast benefit spending of £168.1bn.

The Department estimates the total underpayments in 2014-15 to be £1.4bn.

Morse says the DWP is not on track to achieve its target to reduce fraud and internal mistakes.

“Furthermore, the Department has reduced the pace of the roll out of Universal Credit. As a result, Universal Credit has not yet realized the £200m annual fraud and error savings originally expected by March 2015…”

This failure to meet savings targets on Universal Credit highlights the speculative nature of central government’s business case estimates of programme and project savings.

Morse said: “Issuing an audit qualification is a serious matter, and the fact that similar qualifications have been in place for such a long period of time does not lessen that seriousness.”

Fraud and error is defined as

– Official error, which arises when a benefit is paid incorrectly due to inaction, delay or a mistaken assessment by the Department, a local authority or HM Revenue and Customs;

– Claimant error, which occurs when claimants make inadvertent mistakes with no fraudulent intent; and

– Fraud, which arises when claimants deliberately seek to mislead the DWP or local authorities which administer benefits on the department’s behalf to claim money to which they are not entitled.

The DWP’s managers say the largest proportion of error enters the benefits system due to changes in claimants’ circumstances after a correct initial award.

 

FOI hearing today on DWP’s refusal to publish Universal Credit reports

By Tony Collins

External lawyers acting for the Department for Work and Pensions are due to appear before an FOI Upper Tribunal judge in London today to argue why four reports on Universal Credit should not be published.

It’s the latest step in a costly legal battle that has lasted two years so far.

A first-tier FOI tribunal judge in 2014 ordered the four reports to be published. The DWP asked for permission to appeal that decision and lost its case.  The DWP then asked an Upper Tribunal for permission to appeal and lost that case as well.

Then it asked a different Upper Tribunal judge for permission to appeal .  As a result, a 1 day hearing is taking place today.

The case takes in evidence from the DWP, the Information Commissioner, John Slater who requested 3 of the reports in question and me. Slater requested in 2012 a Universal Credit risks register, milestone schedule and issues register (which set out problems that had materialised with the Universal Credit programme).  I requested a project assessment review carried out in 2011 on the Universal Credit programme by the Cabinet Office’s Major Projects Authority.

The DWP has refused to publish the four reports – and millions of pounds worth of other similar reports.

Today the DWP will argue that the judge in an earlier Upper FOI Tribunal did not fully consider the “chilling effect” that disclosure of the reports would have on the behaviours of civil servants or consultants who helped to write the reports in question.

In essence the DWP’s lawyers are asking the judge to accept the arguments put forward against disclosure by Sarah Cox, the DWP’s main witness in the case. Cox is a former programme assurance director for Universal Credit.

Cox submitted 49 pages of evidence – plus secret evidence during a closed hearing – on why the UC reports should not be published.  She said that civil servants must be able to think the unthinkable and record the outcome of these thoughts without hesitation or fear of disclosure.

If contributors feared the reports would be routinely disclosed the documents could become “bland records” prepared with half an eye to how they would be received in the public domain.

She said the danger of damage to the public interest cannot be overstated.

Disclosure could adversely affect management of the Universal Credit programme – and “failure of proper programme management may be catastrophic”.

Emphasising the importance of effective management of risk, she referred to the banking system prior to the credit crunch and the stability of the Bank of England in that period.

“Inappropriate or premature disclosure of the information in the risk registers or the issues registers could lead to those failures occurring in government risk management with broader parallels for other project management tools.”

She then referred to “disaster myopia” – a phenomenon she said was well established in cognitive psychology.  It referred to “an underestimation of the likelihood of low frequency but high risk damage risks”.

She added: “This can result in a lack of appropriate mitigating actions, increasing the likelihood of the risk becoming an issue. In this case fear of disclosure and misinterpretation can exacerbate this myopia, leading to the toning down of the direct and forceful language used to describe risks, or worse, risks not being identified at all”.

If civil servants or consultants writing reports on projects were to downplay the risks because of a fear of disclosure, problems may be overlooked, solutions not found, or not found promptly. “Such an outcome would be seriously detrimental to the delivery of major projects.”

Cox’s evidence could appear to some to suggest the DWP was preoccupied with its image, and the image of the Universal Credit programme, in the media, and among MPs and the public. She said routine disclosure of such reports as those in question “will distract civil servants from their tasks at a crucial point in the process of programme management.

“Instead of concentrating on implementing the changes, they will be required to address stakeholder, press or wider public concerns which have been provoked by the premature disclosure of material.”

It would be unhelpful if “attention is focused on clarifying positions with stakeholders and addressing the concerns of media, opposition and interest groups in order to correct the often misleading impression created by premature disclosure”.

This issue is “magnified in a programme with as many delivery partners as Universal Credit, covering both central and local government, with implications for all territories in the UK”.

That is because of the “implications of issues for different partners are often slightly different, so that each partner may need to be given a slightly different, and tailored, response”.

This concern should not be understated, she said.

“From my experience of high profile matters which emerge with little warning, I can say that ministers and senior officials are likely to be forced to clear their diaries, cancelling planned meetings, events and other important engagements, to attend rapidly-convened meetings to discuss the handling of the premature disclosure.

“Officials in the relevant policy areas (and lawyers as appropriate) would need to set aside other essential and pressing work to prepare briefings on the likely impact of disclosure and options for next steps. ‘Lines to take’ and a stakeholder and media-handling strategy would need to be discussed, agreed and signed off by ministers.

“Ministers could also be called to respond to urgent questions tabled in Parliament, especially where the disclosure  is made in respect of a high-profile policy area. The media might press for interviews with ministers and/or senior officials, which require careful preparation…”

But, as the Information Commissioner has pointed out, disclosure of the documents under FOI is not the same as a leak to the media.

And the reports in question are now four years old and so massive media interest is unlikely. Any media interest could be managed by DWP press officers without distracting project managers.

Cox said disclosure could harm rather than assist public debate.

“Material that requires civil servants to think the unthinkable, or to consider unusual or highly unlikely events, using intentionally vivid and forceful language, at a single point in time, potentially pre-dating attempts to mitigate the position could easily distort the public perception of the real or likely situation and encourage sensationalist rather than responsible and balanced reporting.”

She said that officials may have to release further information to counteract any misunderstandings (from a misreading of the disclosed reports). But the “world of media” may ignore this further information.

Lawyers for the Information Commissioner, in their submission to today’s hearing, will argue that an earlier tribunal had not found any existence of a “chilling effect” in this case. The tribunal had not been persuaded by what the DWP had said.

The earlier tribunal had not dismissed all of the DWP’s concerns as entirely without merit. It accepted that disclosure of the documents in question “may not be a painless process for the DWP” and that there “may be some prejudice to the conduct of government of one or more of the kinds asserted by the DWP”. The tribunal was simply unpersuaded by the extent of those prejudices.

The Commissioner’s lawyers will say the earlier tribunal gave due weight to the evidence of Ms Cox but it was not obliged to agree with her.

There was no observable chilling effect from disclosures in the past where a chilling effect had been envisaged. The DWP had not provided any evidence that a chilling effect existed.

Indeed a Starting Gate Review on the Universal Credit project had been published (by Campaign4Change) after the DWP refused to release the document under FOI. The DWP had refused to publish the Starting Gate Review because of the chilling effect it would have on the contributors to such reports.

But there was no chilling effect in consequence of publication of the Starting Gate review, say the Information Commissioner’s lawyers.

The incident “illustrates that it is perfectly within the bounds of reason to be sceptical about the DWP’s assertions about the chilling effect and the like,” says the Information Commissioner’s submission to today’s hearing.

On Ms Cox’s point that disclosure of the reports in question would change behaviours of civil servants and consultants compiling the documents, the earlier tribunal had concluded that the public was entitled to expect from senior officials – and no doubt generally gets – a large measure of courage, frankness and independence in their assessments of risk and provision of advice.

The Information  Commissioner’s lawyers will today ask the judge to dismiss the DWP’s appeal.

Comment

The DWP’s evidence suggests that the reports in question today are critical to the effective delivery of Universal Credit. The reality is that excessive secrecy can make bureaucracies complacent and, in the the DWP’s case, somewhat chaotic.

When Campaign4Change asked the DWP under FOI for two Universal Credit reports – an end to end technical review carried out by IBM at a cost of £49,240 and a “delivery model assessment phases one and two” carried by McKinsey and Partners at a cost of £350,000 – the DWP mistakenly denied that the reports existed.

When we provided evidence the reports did exist the DWP said eventually that it had found them.  The DWP said in essence that the documents had been held so securely nobody knew until searching for them that they existed.

So much for the DWP’s argument that such reports are critical to the effective management of major projects.

And when Campaign4Change asked the DWP, under FOI, to supply a project assessment review report on the Universal Credit programme, officials mistakenly supplied an incorrect version of the report (a draft) to an FOI tribunal.  Officials later apologised for their mistake.

National Audit Office reports on Universal Credit do little to portray the DWP as a professional, competent and well-managed organisation.

Which all suggests that excessive secrecy within the DWP has made officials complacent and disorganised.

Continued excessive secrecy within the department could reinforce a suspicion, justified or not, that the department may not be in a strong position to run a programme as large and complex as Universal Credit.

 

 

Are councillors in Somerset ignoring the wisdom of their auditors?

By Tony Collins

It’s good to see auditors in local government doing their job well  – not accepting verbal assurances and seeking proof that all is well with an outsourced system .

But what if councillors apply a lower standard – and accept verbal assurances without checking them?

A  strong report by the South West Audit Partnership [SWAP] went to councillors at Somerset County Council’s Audit Committee on 2 July 2015. The report was about problems with an outsourced system, the Adults Integrated Solution [AIS].

Although not the original supplier, IBM has provided AIS to Somerset County Council under a 10-year outsourcing contract/joint venture – Southwest One –  that was signed in 2007.

The SWAP report said limited progress has been made in implementing the AIS-related recommendations from its 2012-2013 audit report. It added that:

– AIS performance and response times could be “less than adequate for users’ needs”.

– Southwest One was unwilling to develop a service level agreement specifically for the AIS application.

– “Poor response time has led to the disabling of enhanced audit trails/logs that would make it possible to trace and attribute user activity in the system.” SWAP added that this was “worrying” given that the data involved was “sensitive and personal”.

– SWAP had been refused access to the contract between IBM and Northgate, the original supplier of AIS.

Are verbal assurances worth anything?

Having studied AIS from time to time over 2 years, and spoken to its users, SWAP’s auditors have been reluctant, on some of their concerns, to accept verbal assurances that all is well.

When they have sought documentary evidence to support assurances it hasn’t always been forthcoming.

SWAP said in its latest report:

“Verbal assurances were provided that the ToR for AIS Programme Board had been reviewed and that roles and responsibilities in relation to system ownership had been clarified. However, no evidence was provided to support these assurances.”

Now Somerset’s audit committee has done what its auditors wouldn’t do and has accepted verbal assurances that all is well with AIS.

SWAP’s auditors had expressed a multitude of concerns about AIS. But Somerset’s officers verbally assured audit committee councillors that a single upgrade had solved all the problems.

One officer, in a statement, told Dave Orr, a Somerset resident who campaigns for openness over IBM’s relationship with the council:

“I can confirm that all of the fundamental issues raised through the [SWAP] Audit Report [on AIS] have now been addressed…

“The AIS application is one of the top systems used by local authorities for social care services in the UK. The performance issues referred to in the Audit Report were resolved by a system upgrade.”

Comment:

It’s difficult if not impossible to see how a single upgrade could address all the points SWAP made – such as the lack of a service level agreement to cover AIS or the refusal by IBM to supply a copy of its contract with Northgate.

Whenever auditors produce a hard-hitting report there will be 2 opposing sides: defenders of what’s being criticised and the auditors.

It is up to the auditors to cut through any dissimulation, obfuscation and prevarication to identify what’s going well, what isn’t, and what the uncertainties and risks are.

Auditors would not be doing their job if they always accepted verbal assurances at face value.

But what if auditors are undermined by councillors who readily accept verbal assurances from their officers who wish to defend the suppliers?

A supplier that doesn’t have to provide documentary evidence can say anything in defence of its systems and the quality of service.

Somerset’s councillors are lucky to have auditors as independently-minded as SWAP.

It’s unlikely that SWAP would accept at face value the Somerset officer’s suggestion that because AIS is widely used it’s unlikely to be a poor system.

This would be like Ford saying a particular Mondeo is unlikely to be at fault because thousands of people happily own one.

Every IT installation is different, even if the main software package is widely used. The hardware, network configuration, load on the network, facilities and interfaces installed will render every IT installation unique.

It’s conceivable that every council client of AIS could have a trouble-free service except Somerset.

Are the council’s audit committee councillors gullible to accept verbal assurances about the problems with AIS being solved without requiring proof?

Where does this leave the 775 users of Somerset’s AIS, many of whom may be having to do difficult work in managing vulnerable adults while trying to cope with what may be one of the UK’s worst outsourced systems?

Thank you to Dave Orr for providing information that made this post possible.

Pity the 775 users who use this outsourced council system?

SWAP report on AIS for Somerset County Council’s Audit Committee 2 July 2015

SWAP 2012-2013 audit report on AIS

 

 

Yet another NHS IT mess?

By Tony Collins

Last week the National Audit Office reported on the failure of the GP Extraction Service. Health officials  had signed off and paid for a contract even though the system was unfit for use.

The officials worked for organisations that have become part of the Health and Social Care Information Centre.

An unapologetic HSCIC issued a statement on its website in response to the Audit Office report. It said, in essence, that the problems with the GP Extraction Service were not the fault of the HSCIC but rather its predecessor organisations (ignoring the fact that many of the officials and contractors from those defunct organisations moved to the HSCIC).

Now it transpires that the HSCIC may have a new IT-related mess on its hands, this time one that is entirely of its own making – the e-Referral Service.

Last month the HSCIC went live with its e-Referral service without testing the system properly. It says it tested for thousands of hours but still the system went live with 9 pages of known problems.

Problems are continuing. Each time in their routine bulletins officials suggest that an upgrade will solve e-Referral’s problems. But each remedial upgrade is followed by another that does not appear to solve the problems.

The system went live on 15 June, replacing Choose and Book which was part of an earlier NHS IT disaster the £10bn National Programme for IT.

Problems more than teething?

Nobody expects a major new IT system to work perfectly first time but regular outages of the NHS e-Referral Service may suggest that it has more than teething problems.

It’s a common factor in IT-based project failures that those responsible have commissioned tests for many hours but with inadequately designed tests that did not always reflect real-world use of the system. They might also have underestimated loads on the available hardware and networks.

This means that after the system goes live it is brought down for regular hardware and software fixes that don’t solve the problems.  End-users lose faith in the system – as many GPs did with the Choose and Book system – and a misplaced optimism takes the place of realism in the thinking of managers who don’t want to admit the system may need a fundamental redesign.

On the day the e-Referral Service launched, a Monday, doctors had difficulties logging in. Software “fixes” that day made little difference. By the next day HSCIC’s optimism has set in. Its website said:

“The NHS e-Referral Service has been used by patients and professionals today to complete bookings and referrals comparable with the number on a typical Tuesday but we were continuing to see on-going performance and stability issues after yesterday’s fixes.

“We suspend access to the system at lunchtime today to implement another fix and this improved performance and stability in the afternoon.”

The “fix” also made little apparent difference. The next day, Wednesday 17 June, the entire system was “unavailable until further notice” said the HSCIC’s website.

By early evening all was apparently well. An HSCIC bulletin said:

“The NHS e-Referrals Service is now available again. We apologise for the disruption caused to users and thank everyone for their patience.”

In fact, by the next day, Thursday 18 June, all was not well. Said another bulletin:

“Yesterday’s outage enabled us to implement a number of improvements and hopefully this is reflected in your user experience today.

“This morning users reported that there were ongoing performance issues so work has now taken place to implement changes to the configuration to the NHS e-Referral Service hardware and we are currently monitoring closely to see if this resolved the issue.”

About 2 weeks later, on 30 June, HSCIC’s officials said there were ongoing problems, because of system performance in provider organisations that were processing referrals.

Was this HSCIC’s way of, again, blaming other organisations – as they did after the NAO report’s on the failure of the GP Extraction Service project? Said a statement on the HSCIC’s website on 30 June 2015:

“Since transition to the NHS e-Referral Service on Monday 15th June, we have unfortunately experienced a number of problems… Although most of the initial problems were related to poor performance of the system, some residual functional and performance issues persist and continue to affect some of our colleagues in their day-to-day working.

“Most of these on-going problems relate to the performance of the system in provider organisations that are processing referrals, though this does of course have a knock-on effect for referrers.

“Please be assured that the team are working to identify root causes and fixes for these issues.”

By last week – 2 July 2015 – HSCIC warned that it will require a “period of planned downtime on the NHS e-Referral Service tonight which is currently scheduled for between 21:00 and 23:00 for some essential maintenance to fix a high priority functional Incident.”

The fix worked – or did it? HSCIC told Government Computing: “An update was applied to the system overnight from Thursday (July 2) into Friday (July 3) which was successful.”

But …

Monday 6 July 2015 4.15pm. HSCIC e-Referral Service bulletin:

“We would like to apologise for the interruption to service between 13:15 and 13:54 today.  This was not a planned outage and we are investigating the root cause.  If any remedial activity is required we will give notice to all users. Once again please accept our sincere apologies for any inconvenience this caused.”

Why was testing inadequate?

Did senior managers go live without testing how the system would work in the real world, or did they select as test end-users only IT enthusiasts?

Perhaps managers avoided challenging the test system too much in case it gave poor results that could force a redesign.

We probably won’t know what has gone wrong unless the National Audit Office investigates. Even then it could be a year or more before a report is published. A further complicating factor is that the HSCIC itself may not know yet what has gone wrong and may be receiving conflicting reports on the cause or causes of the problems.

An IT failure? – change the organisation’s name

What’s certain is that the NHS has a history of national IT project failures which cause organisational embarrassment that’s soon assuaged by changing the name of the organisation, though the officials and contractors just switch from one to the next.

NHS Connecting for Health, which was largely responsible for the NPfIT disaster, was blended into the Department of Health’s informatics function which was then blended into the HSCIC.

Similarly the NHS Information Centre which was largely responsible for the GP Extraction Service disaster was closed in 2013 and its staff and contractors blended into the HSCIC.

Now, with the e-Referral Service, the HSCIC at least has a potential IT project mess that can be legitimately regarded as its own.

When will a centrally-run national NHS IT-based turn out to be a success? … care.data?

New SRO

Meanwhile NHS England is looking for a senior responsible owner for e-Referral Service on a salary of up to £98,453.

Usually in central government, SROs do the job as an adjunct to their normal work. It’s unusual for the NHS to employ a full-time project SRO which the NAO will probably welcome as a positive step.

But the job description is vague. NHS England says that the SRO for NHS e-Referrals programme will help with a switch from paper to digital for 100% of referrals in England by March 2018.

“The SRO … will have responsibility for the strategic and operational development of the digital journey, fulfilment of the patient and clinical process and the performance of the service. Plans to achieve the strategy will be underpinned by the delivery of short to medium term objectives, currently commissioned from HSCIC and other third party suppliers.”

Key aspects of this role will be to:-

– Ensure the strategy is formulated, understood by all stakeholders and is delivered utilising all available resources efficiently and effectively.

– Ensure the development and management of plans.

– Ensure appropriate system and processes are in place to enable the uptake and on-going use of digital referrals by GP’s, hospitals, patients and commissioners.

– Proactively manage the key risks and issues associated with ensuring appropriate actions are taken to mitigate or respond.

– Monitor and establish accountability on the overall progress of the strategy to ensure completion within agreed timescales.

– Manage the budgetary implications of activity.

– Avoid the destabilisation of business as usual.

– Manage and actively promote the relationships with key stakeholders.

The job will be fixed-term until 31/03/2017 and interviews will be held in London on the 20th July 2015.

The big challenge will be to avoid the destabilisation of business as usual – a challenge beyond the ability of one person?

Government Computing. 

Another fine NHS IT mess

Why was e-Referral Service launched with 9 pages of known problems?

National e-Referral Service unavailable until further notice

 

Another fine NHS IT mess

By Tony Collins

Today the National Audit Office reports on the General Practice Extraction Service, an IT system that allows patient data to be extracted from all GP practices in England.

The report says that Department of Health officials – who were then working for the NHS Information Centre – signed off and paid for a contract even though the system was unfit for use. The original business case for the system grossly underestimated costs.

And the system was developed using the highest-risk approach for new IT – a combination of agile principles and traditional fixed-price contract.

Some of the officials involved appear to be those who worked for NHS Connecting for Health – the organisation responsible for what has become the UK’s biggest IT-related failure, the £10bn National Programme for IT (NPfIT).

As with the NPfIT it is unlikely anyone responsible for the latest failure will be held accountable or suffer any damage to their career.

The NAO says officials made mistakes in the original procurement. “Contract management contributed to losses of public funds, through asset write-offs and settlements with suppliers.” More public money is needed to improve or replace the system.

Labour MP Meg Hillier MP, the new chairman of the Public Accounts Committee, sums up today’s NAO’s report:

“Failed government IT projects have long been an expensive cliché and, sadly for the taxpayer and service user, this is no exception.

“The expected cost of the General Practice Extraction Service ballooned from £14m to £40m, with at least £5.5m wasted on write-offs and delay costs.

“GPES has managed to provide data for just one customer – NHS England – and the data was received 4 years later than originally planned.

“While taxpayers are left picking up the tab for this failure, customers who could benefit, such as research and clinical audit organisations, are waiting around for the system to deliver what they need to improve our health service.”

Some GPs who do not want patient data to be extracted from their systems – they believe it could compromise their bond of confidentiality with patients – may be pleased the extraction system has failed to work properly.

But their concern about patient confidentiality being compromised will not make the failure of the extraction service any more palatable.

The NAO says it only learned of the failure of the extraction system through its financial audit of the Health and Social Care Information Centre. It learned that the system was not working as expected and that HSCIC had agreed to pay additional charges through a settlement with one of the main suppliers, Atos IT Services UK Ltd.

An NHS Connecting for Health legacy?

Work on the GP Extraction Service project began in 2007, first by the NHS Information Centre, and then by the HSCIC.

The NHS Information Centre closed in 2013 and responsibility transferred to the HSCIC which combines the Department of Health’s informatics functions – previously known as NHS Connecting for Health or CFH – and the former NHS Information Centre.

What went wrong 

The original business case said the extraction service would start in 2009-10, but it took until April 2014 for HSCIC to provide the first data extract to a customer.

Meanwhile other potential users of the system have found alternative sources of patient data in the absence of the HSCIC system.

The NAO says that officials changed the procurement strategy and technical design for the GPES extraction systems during the project. “This contributed to GPES being unable to provide the planned number and range of data extracts.”

The NHS Information Centre contracted with Atos to develop a tool to manage data extraction. In March 2013, the Centre accepted delivery of this system from Atos.

But officials at the HSCIC who took over the system on 1 April 2013 found that it had fundamental design flaws and did not work. “The system test did not reflect the complexity of a ‘real life’ data extract and was not comprehensive enough to identify these problems”.

To work in a ‘real life’ situation, the GPES query system needed to communicate accurately with the four separate extraction systems and other systems relying on its data.  The test officials and Atos agreed was less complex. It did not examine extractions from multiple extraction systems at once.

Nor did the test assess the complete process of extracting and then passing GPES data to third-party systems.

Fixed price and agile – a bad combination

Officials began procuring the GPES query tool in April 2009, using a fixed-price contractual model with ‘agile’ parts. The supplier and officials would agree some of the detailed needs in workshops, after they signed the contract.

But the NAO says there was already evidence in central government at this time that the contractual approach – combining agile with a fixed price – was high risk.

The NAO’s report “Shared Services in the Research Councils”reviewed how research councils had created a shared service centre, where a similarly structured IT contract failed.

In the report, Fujitsu and the shared service centre told the NAO that: “the fixed-rate contract awarded by the project proved to be unsuitable when the customers’ requirements were still unclear.”

The court case of De Beers vs. Atos Origin highlighted a similar failure.

To make matters worse officials relied too heavily on contractors for development and procurement expertise.  And 10 project managers were responsible for GPES between 2008 and 2013.

Once health officials and Atos had signed the query tool contract, they found it difficult to agree the detailed requirements. This delayed development, with Atos needing to start development work while some requirements had yet to be agreed. Officials and Atos agreed to remove some minor components. Others were built but never used by HSCIC.

A Department of Health Gateway 4 review in December 2012 found that difficulties with deciding requirements were possibly exacerbated by development being offshore.

They raised concerns about the project management approach:

“The GPET-Q [query tool] delivery is being project managed using a traditional ‘waterfall’ methodology. Given the degree of bespoke development required and the difficulties with translation of requirements during the elaboration parts of R1, the Review Team considers that, with hindsight, it might have been beneficial to have adopted an Agile Project Management approach instead.”

General Practice Extraction Service – an investigation. NAO report. 

Latest healthcare IT disaster is a reminder of how vital government digital transformation is.

 

Pity the 775 users who use this outsourced council system?

By Tony Collins

Adult care systems are a cinderella IT service for councils.

It’s rare for journalists to write about them, for good or ill, perhaps because they help council staff deal with vulnerable adults. Such systems help with payments to care home and hospice providers. They help staff organise facilities for adults with learning disabilities or dementia, and respite care for adults at risk of abuse.

One such system has 775 users in Somerset. It’s a “critical” application according to the county council there.  The Adults Integrated Solution was originally supplied by Northgate. The system became IBM’s responsibility under a 10-year outsourcing and joint venture, Southwest One.

The latest in a series of excellent reports on the system’s enduring problems by auditors the South West Audit Partnership goes to Somerset County Council’s Audit Committee today (2 July 2015).

How bad is bad?

The report says the system’s response times have been so poor  that audit trails and logs have been disabled. So how can IBM and the council trace and attribute user activity in the system – particularly one handling sensitive and personal data?

The report says this disabling of the audit trial and logs is “worrying”.

Auditors reported on the system’s weaknesses in their 2012/2013 audit report.  Since then there has been only “limited progress” in implementing recommendations, says today’s report.

On some of their priority recommendations, auditors say they have been unable to obtain documentary evidence to support implementation. They have received verbal assurances – but they remain concerned.

The report says that AIS performance and response times “can still be less than adequate for users’ needs” and IBM is unwilling to develop a service level agreement specifically for the AIS application.

Indeed IBM has refused to give the county council a copy of the AIS contract with Northgate and it was not made available to the South West Audit Partnership for its audit of the system.

This may prompt councillors to ask how the council can properly manage a critical application if it has no control over the system or the outsourcer.

Repeated audit reports on the problems appear to have left matters unresolved.

Below are some of the concerns of the South West Audit Partnership as mentioned in its 2012/2013 audit report. It reports today that it has received only “partial” assurances that these problems have been solved.

Applications could be unavailable a month or more

Said the South West Audit Partnership: “We have identified in previous audit reports that there is no tested IT disaster recovery strategy. This is a strategy that would be put into effect in the event the Somerset County Council data centre was unavailable for any reason. Although a contract has been signed with Adam Continuity, applications could still be unavailable for a month or even more.”

No formally-named business system owner

“As of November 2014, Helen Wakeling (AIS System Owner) has left Somerset County Council. The responsibility of AIS system ownership needs to be reassigned and formalised.”

Payments to care providers not properly checked?

“… there does not appear to be a process to ensure payments are authorised, appropriate, complete and accurate…

 

IBM has no contractual duty to provide a good system

“There is no contractual requirement or service level for Southwest One [IBM] to provide a platform that delivers performance and response time that is acceptable to ASC [Adult Social Care] Operations.”

Data validation?

“Data quality in AIS data is undermined by the lack of robust input validation within the AIS application.

“Client records can be created with a minimum of information. Key personal identifiers such as data of birth, NI number and NHS number do not need to be entered and this both increases the risk of duplicate records and provides less data with which to identify those that have been created…”

Is IBM hiding AIS contract from the council?

“Southwest One currently owns the contract with Northgate and would not provide SWAP with a copy. As a result SWAP [South West Audit Partnership] was not able to evaluate Northgate’s compliance with the terms of the contract including licensing requirements…”

Personal data at risk?

“It was noted that developers have access to the production environment, unmasked live production data is used by developers and vendors for testing purposes and desktops are not locked down.”

Potential for fraud?

“In addition the authorise function, a security feature available in AIS has not been implemented resulting in all authorisations occurring outside of AIS. As a result data loss, potential corruption of data, incorrect and potentially fraudulent use of the application, missed, inappropriate or additional payments, will not be identified and acted upon.”

Corrupt data?

“In spite of a recent security incident that appeared to result in some data corruption, there is no reporting in place or review of user, super user or generic user access for appropriateness.”

Can former staff still log on?

“Terminated users were identified with valid AIS access credentials. Just less than 10% of managers with access were found to be no longer employed. In addition user ids are not disabled after not being used for a period of time.”

Unattended screens?

“The time-out for the application is 1 hour. Although users typically leave the application on and lock the screen when they go out to lunch, this process is inefficient, leaving sessions unavailable for others and insecure, since the user could forget to lock their screen and allow bypass of all security.”

System security?

“We also identified in our capacity management audit that desktop lock-down is not in effect and as a result AIS data can be downloaded and copied to USB flash storage. SWAP recommended data security policies be developed and implemented …”

**

Dave Orr who has followed events at Somerset closely since the county council signed the Southwest One contract in 2007 has written to audit committee councillors about the AIS system.

One of his questions is how the council could have transferred a critical application to IBM without its being protected by any specific service level agreement.

Orr says: “I do not believe that an in-house IT service, with a head of IT in the direct employ of this council, would be allowed to leave these serious shortcomings in performance, audit logging and disaster recovery unaddressed.”

Comment

So much for the claims back in 2007, when the council and IBM formed Southwest One, that the services would be “beyond excellence”.

If this is the worst outsourced system in the UK where does that leave the 775 council users who no doubt are trying to do their best for the vulnerable adults in their community?

Thank you to Dave Orr for providing the information on which this article is based.

Universal Credit at “amber/red” says latest DWP report

By Tony Collins

The Major Projects Authority, which is part of the Cabinet Office’s Efficiency and Reform Group, has today published its annual report on 188 projects including Universal Credit, about which it makes only positive comments.

But the authority’s annual report is, it appears, economical with the actualité. At the same time as the MPA published the report, the Department for Work and Pensions published a spreadsheet with statistics and its own narrative on the state of its major projects including the Universal Credit programme.

The spreadsheet said that the UC programme had an “amber/red” rating – but neither the MPA nor the Department for Work and Pensions has given the MPA’s reasons for the rating.

At the request of permanent secretaries the MPA has agreed not to publish its comments on the traffic light status of certain projects, including Universal Credit. The MPA and the Cabinet Office have agreed to allow officials in each departmental to give their own narrative to explain the traffic light status of their projects.

So the DWP, on its website, gives a summary of the state of its major projects, but its narrative on Universal Credit says nothing about the programme’s problems. Neither is there any of the MPA’s recommendations which related to the “amber/red” rating.

In a further shrinking from openness, the MPA and Cabinet Office have agreed with permanent secretaries that the traffic light status of major projects will be published only when they are out of date. So the “amber/red” rating on Universal Credit, although published today, is dated September 2014.

Comment

It is odd in a modern democracy that a large central government department – the DWP – can spend £330m on the IT for a major project and get away with publishing such obviously contradictory information on the scheme.

On the one hand the MPA, the Cabinet Office and the DWP publish only positive comments about progress on the Universal Credit programme.

These are some of the MPA’s comments on Universal Credit:

“Delivery remains on track against plans announced in September 2014. Additionally the Programme has brought forward testing of initiatives from which the programme can learn including the:

• Continued trialling of Universal Support in partnership areas to ensure the right integrated local foundations are in place to support UC expansion.

• Extending In work progression trials to help households increase their earnings once they have found work. • Extending the role of UC Work Coaches to engage with households at their work search interview to assess financial capability.”

Similarly the DWP’s comments in its spreadsheet on the status of its major projects reads like a government press release. Why was one of the government’s major projects – the whole life project costs of UC are estimated at £15.8bn – given an amber/red status?

We don’t know. Except we know that the MPA gives an amber/red rating when it regards a programme as not on track – a programme that needs an assurance and action plan to improve confidence in delivery. Why is the programme not on track? What does the assurance and action plan say? What is the rating today?

So much for open government. Indeed the DWP’s external lawyers are going to an FOI tribunal in London next month as part of a long legal battle to stop four old reports on Universal Credit being published.

Any ministerial announcements about open government in future should, perhaps, take this unedifying FOI episode into account.

Major Projects Authority annual report 2014/2015

Do IDS and Universal Credit deserve such good publicity?

By Tony Collins

Iain DuncanSmith

One of the unwritten conventions in journalism is that is you don’t give bad publicity to a minister who gives you an exclusive interview.

Iain Duncan Smith has given an exclusive interview to the Huffington Post, one of the world’s top-ranking news websites, and it is, perhaps, no surprise that the subsequent headline says:

Iain Duncan Smith Welcomes Record Universal Credit Applications.”

That’s great news. Is the UC programme out of trouble? Are the IT
problems that were imposing artificially low limits on the number and type of claimants – such as incorrect calculations of payments – confined to history?

At one point you could not claim UC as a single person or a couple if you received Jobseeker’s Allowance, Employment and Support Allowance, Income Support, Incapacity Benefit, Severe Disablement Allowance, Disability Living Allowance or Personal Independence Payment.

universal creditYou could not claim if you owned, or partly owned, your home, were homeless, or in supported or temporary accommodation.  You could not claim if you worked but earned more than £330 a month. You could not claim if pregnant,  had disabled, adopted or fostered children.

So are the brakes off now?

The Huffington Post said:

“According to the Department of Work and Pensions (DWP), in May over 3,800 new applications were made a week for the government’s new benefit system.”

That sounds a lot. A record indeed. But a close analysis of the numbers successfully claiming UC shows that since a national roll-out of UC began in February 2015 – amid much good publicity – the increase has been small.

It appears that the UC programme’s costly IT – an investment of £344m by 31 October 2014 (Appendix f) – is still limiting the number of claimants.

dwpThis raises the question of whether the DWP’s publicity machine, with IDS at the helm, has such an influence on the media that it is able to successfully propagate its own message in the face of inconvenient facts.

This was BBC Online’s headline in February 2015: Universal Credit roll-out £600m under budget”

The Sunday Times declared that Universal Credit “is working”. The Telegraph also said that UC is working.

The facts 

The DWP’s plan is for 7 million people to claim UC but the latest figures show that the total number of claimants who had made a successful claim up to 14 May 2015 was 74,120.

This is about 1% of those potentially eligible to claim UC – 25 months after the scheme was launched in April 2013.

Has the number of claimants increased substantially since the national roll-out began in February 2015?

Before the start of the national roll-out about 35,000 people had successfully made a UC claim up to 8 January 2015. There had been an average of 2,325 new claims per week at 96 Jobcentre Plus offices.

Three months after the start of the national roll-out about 74,120 people had successfully claimed UC up to 14 May 2015. There were an average of 3,550 new claims per week at 278 Jobcentre Plus offices.

Rapid pace?

The DWP says on its website:

“Since national roll-out the rate of claims has been increasing at a rapid pace”.

But is this the case?

The number of successful UC claimants has more than doubled since the national roll-out began but the number of Jobcentre Plus offices where UC has launched have nearly tripled in the same period, from 96 in January 2015 to 278 by 14 May 2015.

And the total number of successful claimants remains tiny relative to the potential number of claimants although the DWP says it has expanded eligibility to claim UC from single people to couples and families.

According to the National Audit Office in November 2014, the DWP estimated that around 500,000 claimants would receive Universal Credit by mid‑2016. This target will not be hit at the present rate of successful claimant applications.

Comment

IDS welcomes record numbers of UC applications says the Huffington Post headline.  But almost every week there will be record numbers claiming UC.

That is the nature of a national roll-out:  numbers increase – even by small amounts. The number of applications will continually break records while the roll-out continues during 2015 and 2016.

No doubt IDS and the DWP will continue to seek a succession of media articles on the record number of UC applications. Only this week the DWP announced that UC is rolling out to 10 more jobcentres across England, Scotland and Wales.

Will the media always react complaisantly?

If it does it will be a pity – because MPs may stop asking questions about value for money in the context of the tens,  indeed hundreds, of millions being spent on UC technology with the usual major suppliers.

And if the IT and business change challenges continue to limit the number and type of applications, the total numbers of successful claimants at the end of the national roll-out could be embarrassingly tiny relative to the 7 million potential claimants – not that the DWP’s publicity machine will mind.

The machine will find a new way to sail around the facts. That’s what the DWP’s senior officials seem to believe that government PR staff exist to do.

Universal Credit statistics

Iain Duncan Smith welcome record Universal Credit applications – Huffington Post

DWP’s announcement of the national roll-out of UC

65,000 people claiming Universal Credit