Paper on Universal Credit IT programme the DWP didn’t want published

By Tony Collins

Below are excerpts from a paper on the Universal Credit IT programme that a judge has ruled can be published.

Judge Chris Ryan has granted my request to publish written evidence that the DWP had submitted to an FOI Tribunal for a hearing in February 2016.

The tribunal was over the DWP’s prolonged refusal to publish three reports on the Universal Credit IT programme. The DWP lost the case and in April 2016 released the reports in question: a risk register, issues log and project assessment review. Subsequently the Government Legal Service, representing the DWP, refused permission for the department’s written evidence to the tribunal to be published.

My comments on the contents of the DWP’s written evidence are in a separate article.

Lawyers for the DWP had argued that its written evidence to an FOI Tribunal was for the purposes of the hearing only. The Government Legal Department told the FOI Tribunal,

“The open justice principle has been in this case; the proceedings were held in public; reporting of the proceedings was permitted; and the issues were ventilated very fully in open court.

“We do not consider that it is necessary to go further and for Mr Collins to be permitted to publish the witness statements themselves, outside of the proceedings for which they were made”.

But Judge Ryan,who had heard the original FOI case, granted my application citing this: Guardian Case – provision of documents used in an appeal

He said there would have been no issue if the evidence in question had been given in full during the hearing. To save time such evidence is not heard in full. Instead written statements are given to the judge, which can make it difficult for reporters or anyone listening to the case in court to pick up what is going on.

Said the judge in ruling,

“I am satisfied that Mr Collins has a genuine journalistic interest in referring to the material in his blog …

“I am satisfied, therefore, that the combination of a public hearing (at which the evidence was not heard) and a published determination (which referred to only parts of the evidence) does not do enough to satisfy the principle of open justice and that the contents of the open witness statements should be generally available, including being quoted in journalistic writing of the kind envisaged by Mr Collins.”

The statement in question

The DWP’s written evidence refers, in part, to the effects on staff and managers of leaks on the Universal Credit IT programme.

The DWP’s argument was, in essence, that the release of sensitive information as a result of leaks or an FOI ruling to disclose the three reports in question, would change the behaviours and attitudes of staff and managers.

The DWP’s written evidence gives a rare insight into how the department dealt with its own fear of leaks.

One interpretation of the DWP’s written evidence is that it shows the extent to which the DWP was careful to control information to the media, the public, stakeholders, MPs and the public to ensure that only the correct information about the Universal Credit IT programme was released, and then only by authorised persons.

Another interpretation is that it shows the extent to which the DWP was preoccupied with control of any bad news about the Universal Credit IT programme, to the point of frightening staff and managers by leak investigations, one led by a former member of the security services.

The leaks the DWP refers to in its evidence related to low-level information such as the results of a staff survey of morale or the release of a “starting gate review” that the DWP had lodged with the House of Commons library.

Part of the written evidence below gives several examples of how the fear of leaks manifested itself. For governance meetings, “all documents are sent out as password protected, with official security markings attached, whether or not they contain sensitive information”.

In a leak investigation, staff were subjected to detailed interviews and individual mailboxes “reviewed”, as were access rights to electronic shared areas.

Assurance reports (low-level reports on the state of the IT programme including risks and problems) were watermarked, numbered and password protected, and a register kept of who received them. Recommendations in the assurance reports were not circulated.

The submission said managers distrusted staff and there was a “lack of candour and honesty throughout the Programme and publicly”.

People became “paranoid that they might have accidentally caused a leak, for example by leaving information on a printer”.

At one point the permanent secretary posted a message on the DWP intranet informing everyone of the leak investigations and “inviting people to speak to the independent investigator if they had any information”.

(Please note)…

I have left out the names of the senior DWP executives who wrote the submissions. This is because the executives represented the position and views of the department rather than those of any individual. The submissions were given to the tribunal,  “on behalf of the Department for Work and Pensions”.

Little in the contents of the evidence is surprising. On the other hand it is rare, and perhaps unprecedented, for the DWP’s preoccupation with controlling information on any of its big IT programmes to be articulated so clearly.

This website would argue that suppressing bad news is not conducive to good project management, and can alienate stakeholders who are likely to view a project with suspicion once they believe they are fed only good news.

Excerpts

Parts of the written statement of a senior executive on the Universal Credit IT programme follow.

The executive has been a civil servant at the Department for Work and Pensions, and its predecessor departments and agencies, for more than 25 years.

“I therefore have a very good understanding of the general workings and culture of the DWP as a whole…”

The executive also has a “considerable experience of delivering large change programmes (although none as large as UC, which is unique in scale).

“Within my change management experience I have reviewed and managed risk registers and issue logs as part of the Senior Management team.”

The executive explained that the Universal Credit programme constitutes a massive investment of public money.

It is being delivered by a central programme staff of about 500 at present and eventually by “thousands of staff in our operational sites”.

The UC programme went through a “reset” instigated by the Major Projects Authority in 2013.

“This meant a considerable amount of re-planning and scrutiny from other Government Departments.

“There are very few senior level staff still working in the Department who worked on the Universal Credit Programme in 2011/2012. I have been asked to provide this witness statement as I joined the Programme in 2012 and have a good understanding of what happened on the Programme before that date as well as of DWP more generally.”

When joining the Universal Credit IT programme, the executive found that many of the senior management team were relatively new and, as colleagues were taken on board, “we were expected to learn about the Programme and deliver our critical areas of work simultaneously”.

“I was placed on temporary promotion … and asked to take on a fact-finding/troubleshooter role on behalf of the Programme Director, undertaking a stocktake and reporting back within 6 weeks on areas of known concern.

“As a Director I was also a member of the senior management team of the (Universal Credit) programme. It rapidly became apparent that many issues were being addressed within the Programme but that there were significant problems in some areas – including my area of expertise.

Significant problems

“I worked closely with the Secretary of State’s Special Adviser (Stephen Brien) and other security specialists to investigate the position. In summary, we concluded (just before Christmas 2012) that the IT system that had been developed for the launch of UC had significant problems.

“This was difficult news for the Programme and our conclusions were very sensitive. Having been told and having understood our discussions, ministers and the programme leaders (including me) needed to consider how the rollout of UC could proceed and the “art of the possible” in respect of launching UC in April 2013 as previously planned and announced. This was under discussion in late December/January.

“The Major Projects Authority undertook a review of the Programme in February 2013, where all Programme leaders and others, including me, were interviewed.

“The decision was taken that the Programme would be reset under the leadership of David Pitchford, then the Chief Executive of the Major Prpojects Authority. We were told that he would bring his own team with him and our own role remained uncertain for a few weeks. On arrival Mr Pitchford convened a workshop of all senior leaders of the Programme to set out the way forward for the Programme.

Mr Pitchford and his MPA team were in place for 13 weeks. I attended workshops and discussions with them and made them aware of the issues in relation to the Programme that my pre-Christmas stocktake had uncovered.

“I also continued to work with DWP teams to decide what recovery and improvement action was needed to support UC in the future, whatever the reset outcome. During this period Mr Pitchford was appointed as ‘Chief Executive of Universal Credit’, and suspended other governance meetings with decisions made by him at the centre of the Programme.

“In February 2013 an extraordinary ‘Ministerial Oversight Group’ was put in place, which was made up of the Secretary of State for Work and Pensions, the Chief Secretary to the Treasury, the Minister for the Cabinet Office, the Cabinet Secretary and very senior officials from each of the Departments concerned. I presented to this group on the issues I had been working on. This group met a small number of times during 2013 to monitor progress of the Programme.

“Mr Pitchford and his team departed in May 2013, leaving what they referred to as a ‘blueprint’ for the Programme for Ann Harris (the new programme Director) and Howard Shiplee (the new SRO).

On taking up appointment Mrs Harris and Mr Shiplee further reviewed staffing levels and expenditure on contracted resource, reducing both significantly.

“This inevitably created further confusion and concern in some areas of the Programme. They also re-established formal governance, a new Programme Board with an external non-executive chair and strong project management structures, including risks and issues management, and realised that further planning was required. As well as being part of the senior management team under Mr Pitchford’s direction, I was also part if the new senior management team from May 2013…

“I make these statements not only to describe my work on the Programme – and therefore my good understanding of the sort of pressures the Programme faced, and the nature of the culture within the Programme – but also more generally to try and give a picture of the extreme pressures that working on a Programme of sort of size and complexity can create.

“I also believe that those pressures emphasise the very great importance of ensuring that in the teeth of management change, and external and internal pressure, those responsible for the programme can nevertheless be assured that they receive accurate, frank and timely advice and information about the state of the programme. These sorts of pressures made it more difficult to ensure that this type of advice can be provided and is available for those who need it, even though it is vitally required…

The effect of Freedom of Information disclosures

“I will now turn to the effect of disclosing information that DWP seems sensitive under the FOI Act. It is very difficult to document actual cases of the effect of disclosure as, in my experience, the exemptions under the Act and decisions of the Information Commissioner and Tribunals mean that such sensitive information does not get released in the first place.

“It is therefore inevitable that the effect of disclosure has to be inferred from other types of disclosure (e.g. leaks); from knowledge of human behaviour under the sort of pressures that arise in the Programme of this kind: and from knowledge of departmental behaviour and culture.

“To give a flavour of this, if we take 2012 as an example (as the year that these requests were made) DWP disagreed with the decisions to order the release of information in just 7 cases which came before the Information Commissioner. This is out of a caseload of 4,778 FOIA requests that year.

“Of the cases where we disagreed with the decisions, 2 are the ones before the Tribunal now, 3 are joined with each other as they relate to the same information and are scheduled before the Court of Appeal in June 2016 and on the remaining 2 the Tribunal agreed with the DWP’s judgement and the information did not get released.

“It is therefore difficult for me to give examples of where inappropriate disclosure has caused harm, precisely because the mechanisms designed to protect against that are generally effective.

“Whilst there will undoubtedly be specific reasons relating to each case, considering PARs [project assessment reviews], Risk and Issues Registers in general terms, release of the sensitive information commonly held in these documents would inhibit candour .

“In lookalike cases across government this position has been supported by the Information Commissioner and Tribunals, or the government has as I understand it decided to use the executive override (the FOI “veto”) under section 53 of FOIA.

“DWP rarely receives requests for a PAR or Risk or Isssues Register relating to a major programme and has not released one to date.

“The initial requests for information in these cases also included the request for the Universal Credit milestone schedule. This was released by the Department earlier this year (2015), so I should explain here why we did not feel its release would unduly affect candour.

“Previous submissions from the Department have clearly stated that the “chilling effect” applies in a very minor way to milestone schedules, as they are by their nature a lit of milestones and dates to achieve those milestones.

“A limited chilling effect may occur if information disclosures led to future milestone schedules containing vaguely labelled milestones and deadlines that were unrealistically long, but this sort of minor chilling effect is likely to be picked up by the robust Programme Management which we have in place. Given that, and the passage of time that has now elapsed since the milestone schedule was requested, I agree that it was appropriate to release that document rather than continue to withhold it.

“Given the lack of evidence that I am able to draw on regarding the damage caused by the release of information through FOI, the evidence I can present must come from a different source, namely that of unauthorised leaks of information. Both leaks and disclosure of sensitive information through FOI result in civil servants losing trust in the sanctity of the information sharing systems and processes, resulting in a loss of trust and diminished openness and candour.

“Whilst this is different for FOIs and leaks in that one can be planned for and managed, the damage to trust is still essentially the same. Leaks caused additional damage in that trust of colleagues is also undermined, which is unlikely to be the case with the release of sensitive information under FOI (though there may be a little distrust in colleagues, as some people contributing to risk registers and issues registers may not be aware of FOI rules so may think colleagues have chosen to release documents inappropriately).

My own experience, and those of my colleagues, on the effect of leaks.

I now turn to my own experience of leaks and how they have undermined candour. During 2011 and through to 2013 there were a number of leaks and unauthorised disclosures that came out of the Programme.

“Leaks cannot be managed and considered in the same way as freedom of information requests. Leaks are managed in a reactive and defensive way: however, the impact on staff can be similar. With leaks, staff grow to distrust their colleagues and managers; with the release of data through FOIs, staff grow distrustful of the system and, if they are aware their work can be released this way, will be less candid in the information they record.

Major Projects Authority Review

“In 2011, the Major Projects Authority undertook an independent review of Universal Credit – this was a Starting Gate Review on behalf of the Senior Responsible Owner. The report of the review is confidential to the SRO, and if it is to be helpful it must contain candid advice, both in terms of processes and individuals.

“In this instance the Universal Credit Programme underwent a Programme Assurance Review from the Major Projects Review Group (MPRG), (Cabinet Office, HM Treasury and invited independent experts). The meeting was to provide further recommendations to the SRO and to write to HM Treasury in support of the Treasury Approval Point, which was the ultimate source of funding for the Programme.

“After the meeting of MPRG the Starting Gate Review report and elements of the costs and benefits for Universal Credit were leaked in the Daily Telegraph. These documents are clearly marked as confidential and sensitive. The Business Case provides the economic, commercial and financial argument to allow Government to make key decisions on investment when it comes to large Programmes. It contains sensitive financial and commercial information.

“The various leaks took place at a time (late 2011) when there was press speculation about ‘tension’ between DWP and HM Treasury officials over Universal Credit, and the MPA report was candid in its appraisal of the strengths and weaknesses of the Programme, identifying areas for improvement, and risk areas to manage.

“The leaking of these various documents made DWP officials feel more defensive and built a sense of being ‘under siege’ and having to take extreme care about what information was being shared and with whom. This was observed by others such as the National Audit Office (NAO), who felt that the Universal Credit Programme was building a ‘fortress culture’.

“The extreme care that was taken had particular consequences. One was that it was harder for people on the Programme, and throughout Government, to obtain the information they needed to do their jobs – even the members of the Programme Board could no longer receive their papers electronically, which meant twenty packs of up to 200 pages delivered by hand every month.

“As is clear from this example, extra time had to be taken in relation to protecting information when the time needed to be spent on introducing UC.

“Valuable resource, both people and time, was taken up ensuring all documents were marked securely in the correct way, all papers were numbered and signed for, any that were sent were ‘double-enveloped’, and any papers that needed to be retained were ‘signed back in’. People were focused on physically protecting information when the time needed to be spent on planning and delivering UC.

“This, then, was the effect of leaking the Starting Gate Review, which for the reasons I have already explained above was a less sensitive document and leaked at a much less sensitive time than either the PAR report in this case, or indeed the Risk Register, or Issues Register.

Pulse Survey

In 2013, the results of a Universal Credit ‘Pulse Survey’ were shared with the Programme. A Pulse Survey is used to gain a quick and simple snapshot of how people feel about the workplace.

“The covering note, sent only to UC staff, acknowledged how difficult it had been to work in the Programme, but explained that there had been a lot of work done to develop a more positive culture, that things were improving and that the leadership team were committed to improving this. There was an embedded file in the note that included personal comments made by the staff in response to some of the questions, and some of these comments were very negative in nature.

“These were included to give an honest picture of how it felt to work in the Programme to ensure staff recognised that their concerns were understood and that changes would be made for the better. The letter and comments were leaked to the Guardian Newspaper and made the front page. The comments in the Guardian included:

Working on UC was ‘soul-destroying’ and ‘unbelievably frustrating’.

People were under so much pressure that they could only engage in ‘fire-fighting and panic management’.

One civil servant writes of a ‘near complete absence of anything that looks like strategic leadership in the programme’.

‘There is a divisive culture of secrecy around current programme developments and very little in the way of meaningful messages for staff or stakeholders explaining what will happen and when.’

‘I have never worked somewhere where decision making was so apparently poor at senior levels …’

“As a consequence of these leaks and others a number of leak investigations were instigated by the Permanent Secretary and the Secretary of State. One was led by a former member of the Security Services. They involved detailed interviews with a wide variety of staff – where direct questions were asked about colleagues – and interrogation of email systems and reviews of staff access to documents.

“People became suspicious of their colleagues – even those they worked closely with. There was a lack of trust and people were very careful about being honest with their colleagues. People were very careful who they shared information with, and became paranoid that they might have accidentally caused a leak, for example by leaving information on a printer.

“People also stopped sharing comments which could be interpreted as criticism of the Programme, even when those comments would be useful as part of something like an MPA review.

“Colleagues also became concerned about the sanctity of the information systems and processes – which were also examined as part of the investigation where elements such as access rights to electronic shared areas and individual mailboxes were reviewed.

“The leaks had a considerable impact on the member of staff who sent out the note on the pulse survey and those that read the note, including those who contributed the anonymous comments in the embedded document.

“People felt they could no longer share things with colleagues that might have an honest assessment of difficulties or any negative criticism – many staff believed the official line was ‘everything is fine’.

“People, even now, struggle to trust colleagues with sensitive information and are still; fearful that anything that is sent out via email will be misused. For all governance meetings, all documents are sent out as password protected, with official security markings included, whether or not they contain sensitive information.

How did it change the way we did things?

“All future MPAs, other assurance reports, risk registers and issues registers were all treated with utmost care.

“For assurance reports, only the SRO and Programme Director could have electronic copies (and the password protected) and other recipients received printed, watermarked, numbered copies, with a register kept of who had received them.

“While the business case tem has copies of the recommendations, these were not circulated, and while the team did pursue progress against this clearly could not be set in the full context of the report outside a small number of people.

“This was damaging to the programme because people felt management did not trust them, leading to a lack of loyalty and commitment and further distrust of the system. Releasing what Programme staff would have seen as sensitive and ‘official’ information in the form of the PAR report or risk or issues register at that time would have exacerbated an already difficult situation in the Programme.

“At the time of the leaks and the investigations that followed, Programme senior leaders were expected to speak to their teams about what had happened and what the ‘lines to take’ were.

“The lines to take were also added to the Rolling Brief (an internal update document) and circulated to senior leaders in the Programme, press office, special advisors and so on. The lines were a ‘defensive’ approach to media requests, emphasising the positive in terms of progress in the Programme without acknowledging the issues identified in leaked stories.

“This positive approach to briefing and media management built on the effect of the leaks and led to a lack of candour and honesty throughout the Programme and publically – it contributed to the to the ‘fortress mentality’ spoken of by the National Audit Office.

“Subsequent to the various leaks, the Permanent Secretary posted a message on the DWP internal intranet informing every one of the investigations and inviting people to speak to the independent investigator if they had any information. This was at a time when the Permanent Secretary needed to give as much focus as possible to the Programme itself.

“The arrangements around sensitive documents, such as assurance reports, business cases and risk logs, are still tightly controlled in the Universal Credit programme, both as a consequence of the leaks and the investigations and because of the perception that these fostered that anything that did not reflect well on the Programme was likely to be leaked.

“Further release of information, either through the FOI route or another leak would have piled pressure both on management and on the Programme staff, with everyone feeling limited in what they could say, and how honest they could be when recording their concerns about Programme progress.

“One of the broader consequences of this was that the level and frequency of communications was reduced because of this lack of trust in systems for recording information. ‘Temperature checks’ and similar ‘pulse surveys’ were no longer carried out.

“This led to people feeling ‘disengaged’ and the level of commitment from people reduced. This low level of engagement was evident in the 2013 and 2014 People Survey results, with those feeling proud of working in the Programme being significantly less than those who were proud of working for the Department as a whole.

“Part of this lack of candour caused by leaks relates to dedicated civil servants not wanting to harm the Programme and risk its delivery. Universal Credit is the most profound change to the welfare state that most will work on in their career. The benefits that will stem from the change will have a significant impact on millions of lives and save billions of pounds.

“Undermining trust in the information-sharing systems and processes that are used by a group of people dedicated to wanting to see this positive change will almost certainly result in them stepping back from the frankness and candour that is so necessary for effective Programme Management.

“This may be done with the best of intentions. Officials will not want to be the source of information made public, that reflects badly on a Programme they consider will have a positive effect on so many. But (to give one example) toning down, even unconsciously, the wording of a risk makes effective programme management much harder.

“This in turn increases the risk of issues occurring, which might otherwise have been drawn out, planned for and avoided. This may be a relatively slight issue in a small programme with a small number of staff, but on a Programme the size and scale of Universal Credit, that candour is vital to ensure we make the most effective decisions, since they ultimately affect the lives of millions of citizens.

The above facts are true to the best of my knowledge and belief.

Signed electronically

6th November 2015

“I make this statement on behalf of the Department for Work and Pensions in support of the DWP’s position in three appeals under the Freedom of Information Act 2000 (FOIA).”

My submission to the tribunal, which includes responses to the above DWP points is here:  Tony Collins statement to FOI DWP tribunal January 2016.doc

[Thank you to FOI campaigner and IT projects professional John Salter [@AmateurFOI] who provided invaluable help with my submissions to the FOI tribunal. It was largely through Slater’s efforts – including his own submissions and attendance at two FOI tribunal hearings where he cross examined DWP witnesses  – that the DWP eventually released the reports in dispute.]

Comment and analysis on the DWP’s written evidence.