Shedding new light on the Post Office Horizon controversy?

By Tony Collins

Dozens of families gathered in the ballroom of a Hilton hotel to hear independent investigators announce the most likely cause of an air crash that killed 132 air passengers.

Some wondered whether official investigations into air crashes always ended up protecting powerful corporate interests. For several years the manufacturer Boeing had denied that a technical malfunction was the cause of the crash. It blamed the pilots.

This was the longest inquiry in the history of the National Transportation Safety Board, an investigative organisation funded by the US government. Congress has mandated the Board’s independence and objectivity.

At first, each Boeing 737 incident was treated as a single unique event.  In the absence of any clear evidence of a technical malfunction, suspicion fell on the pilots.

The 737 is, after all, the best-selling commercial jet airliner in history. It has an extraordinary safety record.

Then evidence began to mount that various 737 incidents might have been linked.

After thousands of tests over several years, air crash investigators made a discovery – that a particular technical malfunction could, after all, have caused the incidents.

It was an intermittent malfunction – and one that occurred in a rare set of circumstances. It left no trace. It might have caused a succession of seemingly-unique major incidents.

Now the final verdict on the likely cause of USAir Flight 427’s destruction was imminent. As families sat in silence at the Hilton Hotel, Springfield, Virginia, five board members of the National Transportation Safety Board voted – in public – on whether they accepted the findings of their staff investigators who’d pointed to the likely cause being a technical malfunction, not the pilots.

The vote was unanimous; and some relatives wept.  The probable cause was not the pilots. It was “most likely” to have been a technical malfunction.

Boeing accepted the final report into the crash of Flight 427. “We respect the Board’s opinion,” said Boeing after the vote. It made rudder-related design changes that eventually cost more than $100m.

Human or machine?

What do various incidents involving Boeing 737s have to do with a campaign for justice for 198 former sub-postmasters and their families?

At issue in both cases is whether human or machine was to blame for a plethora of incidents.

Former sub-postmasters, who used to run local post offices across the UK, say that technical malfunction, or a combination of human error and unusual, unexpected equipment behaviour, was the cause of their distress, misfortune, jailing or bankruptcy.

The Post Office blamed them for losses shown on its “Horizon” system and required that they pay the shortfall in question. This led to financial ruin for some of them. The Post Office insisted its equipment was not at fault. It pointed to the lack of evidence of any technical malfunction.

But investigations into rare crashes of 737s show that it’s possible for a major corporation to be mistaken when it clears its own equipment and blames the equipment’s human operators.

The 737 investigations found that “no evidence of a technical malfunction” did not necessarily mean “no technical malfunction”.

The UK government reached a similar conclusion at the end of a campaign by families to set aside an RAF finding of gross negligence against two pilots, Flight Lieutenants Jonathan Tapper and Rick Cook, who died when a Chinook helicopter, ZD576, crashed on the Mull of Kintyre in June 1994.

For 16 years the RAF and Ministry of Defence insisted that there was no evidence of a relevant technical malfunction on the last flight of Chinook ZD576. They blamed the pilots for the crash. But leaked MoD technical papers established that the Chinook’s engine computer systems could fail in unpredictable ways – sometimes intermittently – and leave no evidence.

In the end – after a 17-year campaign for justice by the pilots’ families – the UK government set aside the RAF’s finding against Tapper and Cook, mainly because of doubts over whether the pilots or technical malfunction, or a combination of both, caused the crash.

Arguably, the Chinook and 737 controversies established the principle that, despite the absence of firm evidence of a technical malfunction, a major incident could still be caused by one, or a series of them.

This may be an important consideration in Post Office cases because, in some criminal trials of sub-postmasters, the absence of evidence of a technical malfunction that caused the losses shown on Horizon has counted against the defendants.

It counted against former sub-postmaster Lee Castleton who disputed in a civil action the Post Office’s claim that he owed amounts totalling £27,000. These sums were shown on Horizon as losses.

The judge in the case said, “It is inescapable that the Horizon system was working properly in all material respects.” Castleton lost the case and was left with costs of £321,000. The following year he filed for bankruptcy.

In a separate case, a criminal hearing where former sub-postmaster Seema Misra was the defendant, a jury agreed with the Post Office’s case that the Horizon system was tried and tested, had been in use at thousands of Post Offices for several years, and was fundamentally reliable and robust.

Misra was jailed for the theft of £75,000 in a case based on the Post Office’s computer evidence. She said she hadn’t taken a penny.

When sub-postmasters could not prove the existence of a fault on Horizon that explained the losses, the conclusion was that they were personally responsible for the shortfall.

About 30 of the 198 individual complaints against Horizon are from former sub-postmasters who received criminal convictions over the losses.

Boeing and the Post Office

With its turnover of about $94bn [£76bn), Boeing is nearly ten times the size of the Post Office. The Post Office has a turnover of less than £1bn. Boeing has vast facilities and specialist teams to investigate crashes full-time. Still, its judgments on the probable cause or causes of major incidents are not infallible.

A number of 737 incidents have shown that, even with relevant incident data available, it may take years of assiduous and expensive independent investigations to get to the likely truth.

In the case of the 737 incidents, the suspect component at the centre of investigations, a power control unit, was based on an old design (certified in the 1960s) – and straightforward in its operation relative to the Horizon system.

In comparison, the Horizon system has hundreds of thousands of lines of code and is complex, taking into account its many upgrades over more than a decade and its interactions with different hardware, networks, interfaces and a central data centre. Adding to this complexity are user uncertainties over procedures for dealing with problems.

But one of the most striking single aspects of any comparison between 737 crashes and the Horizon controversy is that it took professional full-time independent investigators in the US several years and thousands of tests on one suspect component only, before they were able to establish not that the component in question had been the cause of two fatal crashes and a succession of other incidents but that it had been the “probable” cause.

More than $1m was spent investigating the power control unit and still there was no firm evidence that the suspect component was the cause.

The Post Office has, arguably, required a higher standard of proof from local sub-postmasters.

By insisting that there was no evidence of a malfunction that resulted in losses, the Post Office put the onus on sub-postmasters to prove otherwise. Establishing that Horizon was the “probable” or “likely” cause – the standard of proof required in commercial aircraft accidents – was not good enough in cases of sub-postmaster complaints.

In response to the complaints of former sub-postmasters, the Post Office has made a number of similar statements:

“There is no evidence that faults with the computer system caused money to go missing at these Post Office branches. There is evidence that user actions, including dishonest conduct, were responsible for missing money.”

Another Post Office statement said,

“To date, and after two and half years of investigation and independent review, the facts are that Post Office has found no evidence, nor has any been advanced by either an Applicant [former sub-postmaster] or Second Sight [the independent investigators of sub-postmaster complaints], which suggests that Horizon does not accurately record and store branch transaction data or that it is not working as it should.”

Boeing made similar points in its submission to the National Transportation Safety Board on the crash of Flight 427. Boeing pointed to a lack of evidence of technical malfunction while pointing to evidence of the actions of human operators (pilots).

Boeing said,

“There is no evidence to support a conclusion that an uncommanded full rudder deflection occurred (the rudder moving in the opposite direction to that commanded by the pilots).

“While there is not conclusive evidence of a crew-commanded, sustained left-rudder input, such a possibility is plausible and must be seriously considered, especially given the lack of evidence of an airplane-induced rudder deflection.”

Indeed Boeing’s conclusion in its submission to investigators of 737 incidents was similar to the Post Office’s position that there was “no systemic problem” with Horizon.

Boeing said,

“There is no data to indicate that the Eastwind Flight 517 event, the United Flight 585 accident, and USAir Flight 427 accident were caused by a common airplane malfunction.” [Boeing had argued that each incident was different – a similar argument to the Post Office which said each complaint by sub-postmasters  about the Horizon system was “demonstrably different and influenced by its own particular facts”.]

In a separate submission to the National Transportation Safety Board, the manufacturer of the 737’s suspect power control unit, Parker Hannifin, made a point similar to Boeing’s.

“In sum, after years of one of the most critical examinations in aviation history, there is no evidence that the main rudder PCU [power control unit] from Flight 427 malfunctioned or was other than fully operational.”

Last word

But the National Transportation Safety Board, as a statutory authority, had the last word.

Its conclusion did not coincide with the view of Boeing or Parker Hannifin.

It said the most likely cause of the crash of Flight 427 was that the rudder moved in the opposite direction to that commanded by the flight crew. The final investigation report said,

“Probable Cause

“The National Transportation Safety Board determines that the probable cause of the USAir flight 427 accident was a loss of control of the airplane resulting from the movement of the rudder surface to its blowdown limit [full aerodynamic limit].

“The rudder surface most likely deflected in a direction opposite to that commanded by the pilots as a result of a jam of the main rudder power control unit servo valve secondary slide to the servo valve housing offset from its neutral position and over-travel of the primary slide.”

Could both sides be right?

On the face of it, the Post Office and former sub-postmasters have contradictory arguments, just as Boeing’s assertions and the investigators’ finding of likely technical malfunction may seem contradictory.

It’s possible, though, that these arguments are not as contradictory as they seem.

It is conceivable the Post Office was correct when it said there was no conclusive evidence of a technical malfunction; and it’s equally conceivable the former sub-postmasters were correct when they said a technical malfunction was partly or entirely to blame for the losses.

Possible similarities and differences

Campaign4Change has looked closely at some of the similarities and differences between 737 rudder incidents and the Post Office cases.

The Post Office and Boeing investigated each incident as a separate matter. Both organisations found no systemic problems. But, unlike Boeing, the Post Office always had the upper hand in its investigations: it was able to require that sub-postmasters pay, in many cases, tens of thousands of pounds that were shown as losses on Horizon.

There’s a risk of trivialising the consequences of 737 crashes when making comparisons with the Horizon controversy. It can be argued, though, that both involved major incidents that ruined lives; and both cases raise the question of whether any large corporation, once it has taken a position that its equipment was not to blame for a single major incident – let alone a number of incidents – will ever change its mind unless forced to.

One particular difference between the UK and US investigations into major incidents is that the US regulatory system allows Boeing to make a submission to the investigations board – which it did, contesting the board’s draft finding that blamed technical malfunction for 737 incidents and crashes – but Boeing had to abide by the independent board’s final decision.

The Post Office did not have to abide by the findings of its independent investigators Second Sight and was able to end Second Sight’s contract. The Post Office said it had given Second Sight “notice regarding its contract“.

Another difference: in the US, the regulatory system allowed the National Transportation Safety Board to require information from the various equipment manufacturers; and the Board’s investigators could obtain information independently of the manufacturers, usually with their cooperation but not necessarily.

In comparison, the Post Office determined what information it passed to Second Sight and the families. On this point Second Sight had its concerns.

In one of its reports for the Post Office, Second Sight said,

“We have experienced significant difficulty in obtaining access to a number of documents we believe are necessary for the purposes of our investigation, notwithstanding Post Office’s commitment to make requested documents available to us.”

The Post Office says it made available to Second Sight thousands of documents but not those that were the subject of legal privilege .

There’s a further difference between the US and UK investigations. In the US, the National Transportation Safety Board did its own investigations or supervised those carried out by equipment manufacturers. It even had the power to exclude equipment owners from participating in the inquiry.

In 2010 American Airlines was excluded from participating in an investigation into an incident involving one of its 757 aircraft because its technicians downloaded and accessed information from the plane’s black box [digital flight data recorder] before it was examined by independent investigators.

US regulations require that the National Transportation Safety Board is the first to see, download or access information from the black boxes.

A Board press release criticised American Airlines. It said,

“Although a thorough examination by our investigators determined that no information from the DFDR [digital flight data recorder] was missing or altered in any way, the breach of protocol by American Airlines personnel violates the Safety Board’s standards of conduct for any organization granted party status in an NTSB investigation.

“Because maintaining and enforcing strict investigative protocols and procedures is vital to the integrity of our investigative processes, we have revoked the party status of American Airlines and excused them from further participation in this incident investigation.”

When the Post Office investigated Horizon systems in the light of losses shown on the systems, it had the authority to retain full control of system information throughout.

As well as being the owner of the system, the Post Office was responsible for commissioning the investigations into the actions of the sub-postmasters. It was also the prosecuting authority and supplier of the material facts involved.

Other possible considerations

  1. In the US, there was no procedure for pilots to follow if they had a rudder hardover (where the rudder moves to its fullest extent and jams against a mechanical stop). The principle was that pilots were not trained to cope with problems that theoretically couldn’t occur. Were sub-postmasters faced with malfunctions that were considered impossible and so hadn’t been trained to cope with them?
  2. Human operators may make the ultimate mistake but they might have been reacting to malfunctions, problems with design, inaccurate information or confusing interfaces. [The Post Office had 1.5 million Horizon helpline calls in a three-year period which is a possible sign that many local post office staff did not fully understand the system or how it worked.]
  3. The US pilots’ trade union ALPA [Airline Pilots Association] was formed partly because of a perception that the government’s automatic response to major incidents was to blame pilots.
  4. After major incidents, the Post Office and Boeing have pointed to the extraordinary record of reliability of their equipment, the implication being that a systemic problem is highly unlikely. The 737 had (and still has) an extraordinary safety record: 264 million flight hours and an uncommonly low crash rate. Airlines have ordered at least 11,550 of them, more than any other commercial aircraft in history. It’s in use in 111 countries. Its reliability record is the best in the world. On average more than 2,000 737s are in the air at any one time. It has carried 17 billion passengers – about twice the world’s total population. It has flown about 120 billion miles, the equivalent of 640 round trips from the earth to the sun. The Post Office says of Horizon: “Horizon is robust and effective in dealing with the six million transactions put through the system every day by our postmasters and employees at 11,500 Post Office branches. It is independently audited and meets or exceeds industry accreditations.   There have been 500,000 users of the system since it was introduced.”
  5. The design of the 737 rudder system had been considered fail-safe. It was thought it would work properly even when problems occurred. The system had built-in “redundancy”. Every lever inside the lower power control unit had a second lever that moved in concert, in case one should break. There were two hydraulic systems in case one should fail. There was a standby actuator in case the main power control unit stopped working. Even so, after thousands of tests, investigators found it could fail in very rare circumstances.
  6. The Post Office has listed the many procedures and processes in place for subpostmasters to handle problems or technical failures. The Post Office said, “Horizon is capable of handling power and telecommunications problems. In Post Office branches, postmasters are responsible for power supplies and the cabled telecommunications lines. Interruptions in power supplies and telecommunication lines are a risk faced by all IT systems. There are, however, recovery systems built into Horizon to prevent losses occurring where there is a power or telecommunication failure. There is no evidence to suggest that either of these events would cause losses in branches where the recovery process has been correctly followed by branch staff. There is however evidence of branch staff failing to follow the recovery process properly. This would cause discrepancies in a branch accounts and could be a cause of losses. It is however the result of human error by Applicants [former sub-postmasters] or their staff, and not a failing of the Post Office or Horizon.”
  7. US air crash investigators were able to glean much from listening to voices in the cockpit shortly before incidents occurred. No such luxury existed in the investigation of Post Office Horizon losses. The Post Office cannot have known what was in the minds of the sub-postmasters at the time: whether they had criminal intent or were utterly baffled by what was appearing on their screens.
  8. The National Transportation Safety Board after its initial investigation into the fatal crash of United Airlines 585 at Colorado Springs in 1991, reached a conclusion that the probable cause was “undetermined reasons”. Would the Post Office consider such a possibility in the case of Horizon losses?
  9. After the unexplained crash of Flight 585, the National Transportation Safety Board kept tabs on 737 rudder problems even without evidence they were the likely cause of any serious incidents. Does this mark a different investigative approach to the Post Office which appears to have had a mindset that its equipment could not be to blame for losses?
  10. The fact that five leading members of the National Transportation Safety Board voted publicly on the probable cause, or causes, of a major incident limited the potential for an institutional mindset to develop. The Board often modified or rejected the findings of its investigators.
  11. Tests could not be carried out on 737 equipment until all parties agreed on how each piece would be tested. Agreement involved the Federal Aviation Authority as regulator, Boeing, the pilots’ union ALPA and the machinists’ union. In contrast the Post Office was in complete control of its investigations into Horizon losses.
  12. The existence of the National Transportation Safety Board is a check against parties protecting their own corporate interests, namely the reputation of their equipment, after a major incident. What similar check exists to prevent the Post Office from seeking to protect its corporate interests – namely the reputation of its equipment – after a number of major incidents?
  13. Would the conclusions of the investigations into the 737 incidents have been different if Boeing had been the authority in charge of the final report?

A useful book on the crash of Flight 427 is by Bill Adair, which is an inside account of the 737 rudder incidents. He had access to all the main parties involved.

Also useful is the final report of the National Transportation Safety Board into the crash of Flight 427. It contains Boeing’s submission.

In January 2017, the High Court granted Justice for Subpostmasters Alliance, which represents the accused former sub-postmasters, a Group Litigation Order against the Post Office.  There are 198 sub-postmasters on the High Court claim form and several hundred more are likely to join as claimants.

If the case goes to appeal, it could continue for years.

Or the Post Office could choose to settle rather than spend public money fighting a case which could be seen as a self-vindicating exercise – one that prolongs the misery for the subpostmasters and their families.

Campaign4change emailed the Post Office a list of detailed questions, based on this article. A Post Office spokeswoman replied that, “given that there is currently litigation it’s not appropriate for Post Office to comment”.

Last year, after a BBC Panorama documentary on the complaints of sub-postmasters and the Horizon system, the Post Office issued the following statement:

BBC Panorama – Our response

The Post Office wholly rejects extremely serious allegations repeated in BBC’s Panorama programme of 17 August 2015. The allegations are based on partial, selective and misleading information.

  • The Post Office does not prosecute people for making innocent mistakes and never has   
  • There is no evidence that faults with the computer system caused money to go missing at these Post Office branches 
  • There is evidence that user actions, including dishonest conduct, were responsible for missing money

We are sorry if a small number of people feel they have not been treated fairly in the past but we have gone to enormous lengths to re-investigate their cases, doing everything and more than we committed to do.

All of the allegations presented in the programme have been exhaustively investigated and tested by the Post Office and various specialists over the past three years or more.   The unsubstantiated claims and theories that continue to be levelled against the Post Office are at odds with the facts and are constructed from highly partial, selective and inaccurate information.

This is about individual cases and the Post Office will not discuss those in public for very good reason.  The Criminal Cases Review Commission (CCRC) is reviewing a small number of cases involving criminal convictions. It will be provided with all available information including confidential legal material not available to others and we believe the CCRC should be allowed to complete its reviews without external comment.  We also gave a commitment of confidentiality to people who put forward cases to us for re-investigation.

The Horizon computer system is robust and effective in dealing with the six million transactions put through the system every day by our postmasters and employees at 11,500 Post Office branches. It is independently audited and meets or exceeds industry accreditations.

Background facts

Prosecutions

The Post Office has always taken its duty to act fairly, proportionately and with the public interest in mind extremely seriously.  The Prosecutions it brings are scrutinised by defence lawyers before they advise their clients and are, ultimately, ruled upon by the courts.

If money is missing from a Post Office branch and the fact that cash is missing has been dishonestly disguised by falsifying figures in the branch accounts, the Post Office is entitled to take action and does so based on the facts and circumstances of that specific case. Though rare, where there is evidence of criminal conduct, a decision may be made to prosecute.

Prosecutions are brought to determine whether there was criminal conduct in a branch, not for the Post Office’s financial considerations.

Post Office prosecutors are all experienced criminal lawyers, many of whom have significant experience in prosecuting for both Post Office and the Crown Prosecution Service.   In the rare instances that prosecutions are undertaken, the Post Office follows the Code for Crown Prosecutors (the same code as the Crown Prosecution Service).  The Code requires a prosecution to have sufficient evidence and be in the public interest, both of which are kept under review right up to and including any trial.   It means there must be sufficient evidence for each charge – if a theft charge is brought, there must be sufficient evidence for a realistic prospect of a conviction for theft.

A charge upon which there is no evidence will inevitably fail. It is the duty of the defence lawyers to identify to the court where there is insufficient evidence to sustain a charge.  If the court agrees then the Judge must dismiss that charge.

The Post Office takes extremely seriously any allegation that there may have been a miscarriage of justice. We have seen no evidence to support this allegation.   The Post Office has a continuing duty after a prosecution has concluded to disclose any information that subsequently comes to light which might undermine its prosecution  or support the case of the defendant and continues to act in compliance with that duty.

The Horizon Computer System

Horizon is robust and effective in dealing with the six million transactions put through the system every day by our postmasters and employees at 11,500 Post Office branches. It is independently audited and meets or exceeds industry accreditations.   There have been 500,000 users of the system since it was introduced.

Nevertheless, rigorous re-investigations were undertaken into claims made by 136 mainly former postmasters that the system caused losses in their branches.

There is overwhelming evidence that the losses complained of were caused by user actions, including in some cases deliberate dishonest conduct. The investigations have not identified any transaction caused by a technical fault in Horizon which resulted in a postmaster wrongly being held responsible for a loss of money.

There is also no evidence of transactions recorded by branches being altered through ‘remote access’ to the system.  Transactions as they are recorded by branches cannot be edited and the Panorama programme did not show anything that contradicts this.

Resolution of cases

The Post Office was approached in 2012 by a small number of largely former Postmasters and MPs with the concern that faults in the Horizon computer system had caused losses at their Post Office branches.

In response the Post Office set up an independent inquiry and, when that found nothing wrong with the system, established a scheme to enable people to put forward individual complaints, providing financial support to those making claims so that they could obtain independent professional advice.

There were 150 cases put forward, 43 of which involved criminal convictions.

A number of the cases are now resolved, through mediation or otherwise, and the remainder of cases where the courts have not previously ruled have been put forward for mediation.

Mediation is overseen by the Centre for Effective Dispute Resolution (CEDR), an established leading and entirely independent organisation.   Those who have been offered mediation can still exercise their available rights if mediation is not successful – mediation itself doesn’t stop that.

Mediation cannot overturn a previous court ruling – only the courts can do so.

Campaign4Change’s questions to the Post Office

Based on this article, Campaign4Change put some questions to the Post Office:

  1. If an organisation the size of Boeing can be mistaken when it clears its own equipment and blames the human operators (pilots), it is possible that the Post Office was mistaken when it cleared its own equipment and blamed the sub-postmasters? [Boeing, which is much bigger than the Post Office, has vast test facilities and matching resources for investigations.]
  2. One outcome of the US investigations was that “no firm evidence of a technical malfunction” did not necessarily mean there was no technical malfunction. The 737 rudder system malfunction was found eventually to have been intermittent. It left no trace. [We know from the crash of a Chinook helicopter on the Mull of Kintyre in June 1994 that it’s possible for computer systems to fail to work properly – sometimes with an intermittent fault – and leave no trace.) Does the Post Office accept that mechanical or digital equipment can suffer from an intermittent fault that leaves no trace?
  3. Any comment please on the point that “no evidence of a technical malfunction” does not necessarily mean “no technical malfunction”?
  4. Any comment please on the point that large corporations, once they have cleared their equipment from blame after a single major incident – or further similar incidents – are unlikely ever to change their minds unless forced to?
  5. One of the most striking single aspects of any comparison between 737 crashes and the Horizon controversy is that it took professional full-time independent investigators in the US several years, millions of dollars and thousands of tests on one suspect component only, before they were able to establish not that the component in question had been the cause of two fatal crashes and a succession of other incidents but that it was the “probable” cause. There was no evidence that the suspect component was the cause. Has the Post Office required a higher standard of proof from sub-postmasters by requiring “evidence” to suggest that a Horizon malfunction or malfunctions caused the incidents in question?
  6. Boeing had to abide by the findings of the National Transportation Safety Board even though the Board did not agree with Boeing’s conclusions. The Post Office did not have to abide by the findings of its independent investigators Second Sight and was able to end Second Sight’s contract. Any comment please?
  7. In the US, the regulatory system allowed the National Transportation to require information from the various equipment manufacturers; and it could obtain information independently of the manufacturers, usually with their cooperation but not necessarily.   In comparison, the Post Office determined what information it passed to Second Sight and the families. On this point Second Sight had its concerns. In one of its reports for the Post Office, Second Sight said, “We have experienced significant difficulty in obtaining access to a number of documents we believe are necessary for the purposes of our investigation, notwithstanding Post Office’s commitment to make requested documents available to us.” Any comment please?
  8. The National Transportation Safety Board had the power (which it exercised) to exclude organisations that owned the equipment in question from participating in the inquiry. When the Post Office investigated Horizon systems in the light of losses shown on the systems, the Post Office, although owner and operator of the equipment in question, had the authority to retain full control of system information throughout.  Any comment please?
  9. The design of the 737 rudder system had been considered fail-safe and was certified on this basis. It had built-in “redundancy”. Even so, after thousands of tests, investigators found it could fail in very rare circumstances. The Post Office has explained at some length its Horizon failure back-up processes and procedures. Nevertheless could these prove fallible in very rare circumstances, in ways not yet fully understood?
  10. Boeing said it was open to any theory even if it meant Boeing was at fault. Is this the Post Office’s position?
  11. After the crash of United Airlines Flight 585 at Colorado Springs in 1991, the National Transportation Safety Board kept tabs on 737 rudder problems even without evidence they were the likely cause of any serious incidents.  Does this mark a different investigative approach to the Post Office which appears to have had a mindset that its equipment could not be to blame for losses?
  12. The NTSB after its initial investigation into the fatal crash of United Airlines 585 reached a conclusion that the probable cause was “undetermined reasons”. Would the Post Office consider such a possibility in the case of Horizon losses?
  13. Tests could not be carried out on 737 equipment until all parties agreed on how each piece would be tested. Agreement involved the Federal Aviation Authority as regulator, Boeing, the pilots’ union ALPA and the machinists’ union. In contrast the Post Office was in complete control of its investigations into Horizon losses.  Any comment please?
  14. The existence of the National Transportation Safety Board is a check against parties protecting their own corporate interests, namely the reputation of their equipment, after a major incident. What similar check exists to prevent the Post Office from seeking to protect its corporate interests – namely the reputation of its equipment – after a number of major incidents?

The Post Office’s reply (as mentioned earlier) was that “given that there is currently litigation it’s not appropriate for Post Office to comment”.

Postmasters tell their story – Computer Weekly investigation in 2009

Sub-postmasters and Horizon – timeline of events, 2009 to 2016 – Computer Weekly

Capita said to owe thousands to pharmacies

By Tony Collins

Capita owes some pharmacy owners thousands of pounds, according to Chemist+Druggist.

One pharmacist Salim Jetha of Lewis Grove Pharmacy in Lewisham told Chemist+Druggist he had emailed Capita in February but it “bounced back because the inbox was full”. He said that if emails are unanswered and there is no phone number to ring “what are you supposed to do?”

Under its Primary Care Support Services contract with NHS England, Capita is due, among other obligations, to reimburse some of the costs of pharmacy trainees. The trainees are termed “pre-registration” pharmacists because they have not yet passed a General Pharmaceutical Council assessment.

Pharmacy owners can apply for an annual grant from NHS England for up to £18,440 for every pre-registration trainee taken on.

Capita took on responsibility for delivering NHS England’s primary care support services in September 2015, including overseeing the pharmacy training grants.

In response to the article, Capita spokesperson said it is aware of “some isolated issues” and that all claims that meet “the required checks” have been backdated, as will any further claims.

The spokesperson said that one of the “key improvements” under Capita has been the introduction of a centralised process for dealing with primary care.

The old system was localised, meaning grant claims “came in from various sources on an ad hoc and irregular basis”.

Chemist+Druggist article

Jeremy Hunt is prepared to end Capita’s NHS contract if necessary

 

A classic “waterfall” IT project disaster – yet officials went by the book

By Tony Collins

Some of those who read “Crash – 10 easy ways to avoid a computer disaster” may remember a warning that buying an IT system on the basis that it works well in another country and can therefore be adapted to the UK’s needs, is flirting with disaster.

First published in 1999, Crash said,

“There are graveyards of computer projects that began life as a simple adaptation of a package used elsewhere in the world.”

One example at that time was the failure of the London Stock Exchange’s Taurus project.

Now a report published today by Audit Scotland on the “i6” project goes into forensic – but lucid – detail on what went wrong and the conflicting views of police and the supplier Accenture.

Says the report,

“The belief that most of the i6 system could be based on an existing IT system proved incorrect.”

It became clear well into project that

“a virtually fully bespoke system was required”.

The plan was for i6 to replace 130 paper-based processes and IT systems but on 1 July 2016, after many well-publicised difficulties and delays, the Scottish Police Authority and Accenture agreed to terminate the i6 contract.

Police in Scotland had chosen Accenture’s bid in 2013 largely because it had successfully implemented a system for Spain’s Guardia Civil police service.

To its credit Accenture refunded all the money the police in Scotland had paid for the i6 system, £11.06m, plus a further £13.56m – but Audit Scotland says the failure of the project …

“means that some of the benefits that should have arisen from implementing it, have been, at best, delayed. There was a need to modernise police ICT systems six years ago when the procurement of i6 began. That need has not been met. Police officers and staff continue to struggle with out-of-date, inefficient and poorly integrated systems.

“This also hinders how Police Scotland interacts and shares information and intelligence with the other parts of the justice system. There is an urgent need to determine what the next steps should be…”

The lessons are clear from the report:

  • Don’t buy an overseas system without realising that it’ll need to be built almost from scratch for the UK. The ideal is for the business processes to be greatly simplified and adapted to fit a tried and tested system, not the other way around. Audit Scotland says the police programme team and Accenture believed that the majority of the i6 system could be based on an existing IT system that Accenture had developed for Spain,  with the remainder being bespoke development work.  But there was an “over-reliance” on Accenture’s work for Guardia Civil”.
  • The “waterfall” systems development contributed to the fact that Police Scotland “only discovered the true extent of problems with the system when it was delivered for testing”.  Waterfall meant that Accenture produced the software in distinct phases, in a sequence resembling a waterfall. Once a phase was complete, the process moved to the next phase – and no turning back. “It meant that all of the design, coding and construction of i6 would be completed before Accenture released it to Police Scotland for testing. Police Scotland would pay for each phase when it was completed.” [Agile, on the other hand, is a “test and see” approach and is far more flexible. It can adapted according to what the end-user needs and wants, and changes in those needs and wants.]
  • Don’t trust the demonstration of a waterfall system. The demo may look great but rolling it out successfully across various regions may be a different story. Accenture had demonstrated i6 but much later, after a period of testing, the i6 programme team reported to the programme board in August 2015 that there were: critical errors in the technical coding, flaws that Accenture was unable to resolve as quickly as expected, serious concerns about the criminal justice module, which did not comply with the Integrated Scottish Criminal Justice Information System data standards, errors in the search and audit modules and “problems around the limited functionality in the administration module”.
  • External assurance reports may tell you that you have complied with good practice and they may give you detailed praise for your attention to detail but they probably haven’t looked at the big question: will the systems ever work? Audit Scotland said external assurance reports such as the Scottish Government’s “Gateway reviews” suggested improvements but “raised no major concerns”.  Throughout the course of the i6 programme, most of the external reviews suggested that delivery confidence was either amber or green.
  • If the plan is for a waterfall development, doing everything by the book before a contract is awarded will not guarantee success, or even make it more likely, if you haven’t asked the big question: Is this ever likely to work given the complexities we don’t yet understand? For officials in Scotland, everything went smoothly before the award of contract: there were even 18 months of pre-contract discussions. But within weeks of the contract’s start, Police Scotland and Accenture disagreed about whether the proposed system would deliver the requirements set out in the contract. Soon there was a “breakdown in relationships and a loss of trust between Police Scotland and Accenture that never fully recovered,” said Audit Scotland.
  • The supplier may be just as optimistic as you. “As the design and development of i6 progressed, it became apparent that Accenture would need to develop significantly more than had been originally anticipated. Despite delays and serious problems throughout the lifetime of the programme, Accenture provided regular assurance, in the face of strong challenge, about their confidence in delivering the i6 system. This assurance proved misplaced.”
  • When planning a waterfall system that has complexities and inter-dependencies that are not fully understood at the outset, expect ever-lengthening delays and projected costs to soar. At one point Police Scotland estimated that the level of effort Accenture would require to complete i6 was around eight times greater than the resources Accenture had estimated when signing the original contract. “The i6 programme team believed that the functionality of Accenture’s solution did not meet the requirements it had agreed in the contract. Accenture maintained that Police Scotland had not specified a detailed description of business requirements. This issue had not emerged during months of pre-award dialogue. Accenture also believed that it had set out clearly what its solution would do and maintained that Police Scotland, as part of procurement process, had accepted its qualified solution. A dispute followed about the interpretation of the contract requirements. Police Scotland argued that, after months of competitive dialogue, the requirements of the i6 system were well-defined, and that in line with the contract, these took precedence. Accenture argued its solution had precedence and that Police Scotland was trying to extend the scope of the programme. Accenture stated that, to meet Police Scotland’s interpretation of requirements, it would require more time and money.”
  • As soon as things start going badly awry, stop and have a re-think. Cancel all existing work if necessary rather than plough on simply because failure isn’t an option. Above all, take politics out of the equation. The Scottish Police Authority was anxious about i6 being seen to be a success after the failure of a previous police ICT project in 2012 – the Common Performance Management Platform. At the same time the i6 programme was “extremely important to Accenture at a global level. “This may have led to misplaced optimism about the prospects of success and unwillingness to consider terminating the programme,” says Audit Scotland.
  • When things start to go wrong, the truth is unlikely to emerge publicly. Even those accountable for the project may be kept in the dark. “Police Scotland were cautious of commercial sensitivities when providing assurances on i6 publicly. The Scottish Parliament’s Justice Sub-Committee on Policing held a number of evidence sessions with the Scottish Police Authority and Police Scotland to explore progress with the i6 programme. In March 2014, the Sub-Committee expressed frustration at the lack of information about the problems with the i6 programme that had been ongoing since August 2013. Police Scotland did not disclose the severity of the issues facing the programme, nor was it overly critical of Accenture. This may have reflected a desire to maintain relationships with Accenture to keep the programme on track or to maintain the commercial confidentiality of the contract.”

Accenture’s response

Accenture said,

“As the report acknowledges, the scope and the complexity of the solution for i6 increased significantly during the project.  This was driven by the client.  There were challenges and issues on both sides, but we worked closely with Police Scotland to review the programme and recommend revised plans to successfully deliver i6.

Despite our best efforts, it was not possible to agree the necessary changes and we mutually agreed to end the project.”

In May 2017 Audit Scotland is due to publish a report that summarises the lessons from a number of public sector ICT projects it has investigated.

Some of what i6 was intended to cover …

Comment

Tis a pity officials in Scotland hadn’t read Crash before they embarked on the i6 project – or if they had, taken more notice of the dangers of assuming a system that works overseas can be tweaked to work in the UK.

We commend Audit Scotland for its expert investigation and a fine report.

Clearly the failure of i6 is not entirely Accenture’s fault.  The project was commissioned on the basis of assumption and when things went wrong politics intervened to prevent a complete stop and a fundamental re-think.

Fatally, perhaps, there appears to have been no discussion about simplifying police administration to make the IT more straightforward. If police administration is so enshrined in law that it cannot be simplified, officials would have to accept before awarding the contract that they were buying an entirely new system.

The UK armed services simplified volumes of rules and practices before it introduced pay and personnel administration systems. It was hard, inglorious work. But simplifying ways of working first can make the difference between IT success and failure.

i6 – a review. Audit Scotland’s report. 

Waterfall approach damns £46m Scottish police system – Government Computing

Another public sector IT disaster – but useful if the lessons are learned.

Crazy – millions of citizens offered two competing government identity systems

 

From HMRC’s website on Gov.UK … Which should you choose to confirm your identity?
HMRC and other government departments are offering millions of citizens the choice of two “competing” identity systems – the Cabinet Office’s GOV.UK Verify, or HMRC’s Government Gateway.
There’s no guidance offered on which to choose; and no explanation for the absence of joined-up thinking.

By Tony Collins

When Whitehall departments do their own thing, the public rarely notices the duplicated time, effort and cost, at least when it comes to IT.  Now the “silo” approach has spilled out into the public arena.

The Government Digital Service – part of the Cabinet Office – developed GOV.UK Verify to enable people to confirm their identify when they want to use government services online.

At the same time, HMRC continued to work on a separate identity system: Government Gateway.

The cost of the two developments isn’t known.

HMRC prefers its own development work on Government Gateway because it enables companies as well as individuals to identify themselves. Verify is designed for individual use.

But instead of adapting one or the other to serve individuals and companies, or using Government Gateway for companies only, central departments are offering both  – with no guidance on which system citizens should choose; and there’s no explanation for the absence of a joined-up approach to IT.

The BBC’s technology correspondent Rory Cellan-Jones says of the two separate identity systems that GDS and HMRC are engaged in a “bitter turf war”.

Comment

Today I went online to renew a driving licence and was shepherded by DVLA to use the Government Gateway identity system. A few weeks ago I had already successfully registered with GOV.UK Verify.

Government Gateway didn’t work properly, for me at least, although I had all the correct documents.

When I registered to use a different government service a few weeks I had no choice but to use GOV.UK Verify to confirm my identity. Verify was thorough, seamless and worked perfectly. Impressive. It left the impression of a system that had been well thought out, with the citizen in mind.

Putting aside the fact that Government Gateway did not work for me, it seemed dated, much less thorough than Verify, and left an impression of transience – that it was a temporary “make-do” system. For instance, the help screens were not tailored to the particular question being asked. Not impressive.

For me. GOV.UK Verify is the identity system of choice. It could surely be adapted to confirm the identities of companies – unless HMRC would rather continue to do its own thing.

It’s ludicrous that central government is spending billions of IT annually without a joined-up approach. Ministers keep promising it. Officials at conferences keep promising it. Whitehall press releases promise it.

A few weeks ago departments were offering only Government Gateway or GOV.UK Verify. Now many of them are offering both.

That’s progress?

Disturbing

A wider point of Whitehall’s dual IT approach to identity verification is that it’s the tip of the iceberg (apologies for the cliché but it’s apt).

With their ICT budgets, collectively, of billions of pounds a year, central departments are, in the main, doing their own thing.

A politician with the clout of Francis Maude may be needed to bang the heads of permanent secretaries together. But even if Maude’s replacement Ben Gummer had that clout – and he doesn’t – permanent secretaries and departmental boards would complain that the Cabinet Office was interfering.

Complaints along these lines would be made, perhaps, in off-the-record briefings to friendly journalists and to the National Audit Office in departmental responses to NAO surveys of senior officials, with the result that the Cabinet Office would end up backing away from trying to enforce a joined up IT approach.

That a genuine joined-up approach to government IT has been talked about for decades and hasn’t happened is largely because, outside of determining of the size of budgets, it is the permanent secretaries and their senior officials who hold power in Whitehall,  not transient politicians.

And bureaucracies always want to keep their departmental empires as intact as possible.

The current two top Whitehall officials, Cabinet Secretary Sir Jeremy Heywood and John Manzoni, chief executive of the civil service, are consensus-seeking people, not at all confrontational. Probably their lack of a controversial edge is one of the main reasons they were chosen for their jobs.

All of which means there’s no chance of permanent secretary heads being banged together in an effort to cut costs and help bring about joined up government IT .

In 2012, Francis Maude, then Cabinet Office minister,  said, in a speech to the FT Innovate Conference,

“In the last decade our IT costs have gone up – while our services remained patchy. According to some estimates, we spend more on IT per capita than any other government.”

Is government ICT spending much less today? Perhaps HMRC’s Government Gateway officials would let us know.

**

Some Twitter comments





Capita’s chief executive to step down

By Tony Collins

Capita’s chief executive Andy Parker is to step down later this year. The company has today announced that full-year results for 2016 were “disappointing”.

The company reported a sharp fall in annual profit.

Underlying pre-tax profit – which strips out restructuring costs – was £475.3m, well below the group’s expectations despite two profit warnings late last year.

Capita had said in December it expected annual pre-tax profits in the current financial year to be at least £515m.

Reported pre-tax profit was £74.8m, down 33 per cent year-on-year on slightly higher revenues of £4.9bn.

The company is moving some jobs to India, where it already provides outsourcing services for UK companies.

Capita is being dropped from the FTSE 100 from 20 March 2017. Its share price has fallen sharply over the past year but has risen gradually from its low about three months ago. The company’s share price fell sharply this morning, at one point down nearly 10% on yesterday’s close.

The company has had problems on multiple contracts.

In a statement this morning Parker said,

“2016 was a challenging year and Capita delivered a disappointing performance. We are determined to turn this performance around. We have taken quick and decisive action to reduce our cost base, increase management accountability, simplify the business, strengthen the balance sheet, and return the Group to profitable growth.

“We remain very confident that our target markets continue to offer long term structural growth. Capita is well placed in these markets with our unique set of complementary capabilities and the talent of our people. The bid pipeline of major contract opportunities remains active, and we are also seeing success in providing additional new, high value, replicable services to clients.

“The proposed sale of our Asset Services businesses and Specialist Recruitment businesses are on track. We have received good interest and, following regulatory approvals where required, we remain confident in concluding these transactions this year, which will leave us with a more focussed Group and significantly strengthen our balance sheet.

“We expect 2017 to be a transitional year for the business, as we complete our disposals, bed down the structural changes inside the business, and re-position Capita for a return to growth in 2018”.

Capita’s 2016 full-year results

Hunt is prepared to end Capita’s NHS contract if necessary.

Hunt is prepared to end Capita NHS contract if necessary

By Tony Collins

During a short debate in the House of Commons on Monday (27 February 2017) MPs complained about continuing problems on Capita’s contract to provide various support services for GPs.

The health secretary Jeremy Hunt told one MP,

“If Capita does not perform what it is contracted to do, we will take all necessary measures, including ending the contract.

“… there have been a number of problems with that contract in its early days. We believe that the situation on the ground is beginning to improve, but a lot of progress still needs to be made.”

Despite warnings from GPs that the private sector would find it difficult to take over multiple in-house support services for GPs, NHS England awarded Capita a seven-year £330 contract to run the Primary Care Support Services from 1 September 2015. Promised savings in the first year were about £40m on a budget of about £100m.

But problems began even before Capita took over, because NHS England made staff cuts in preparation for the start of the outsourcing deal. GPs complained in August 2015 about significant and unpredictable disruption.

By last year NHS England was describing Capita’s performance on the contract as “unacceptable”. Problems have continued for nearly a year.

This week in the Commons, one Labour MP Kate Green, suggested that problems on the Capita contract were no longer teething.

“GP practices in my constituency told me only a couple of weeks ago that those problems not only continue but are worsening.”

Another MP Sarah Wollaston, who’s a  former GP and hospital doctor, and is now chairwoman of the Commons’ health committee, also told Hunt that problems on Capita’s GP support contract were “ongoing”.

She said,

“… there are ongoing problems with the transfer of patient records. GPs and hospitals spend endless hours chasing up results, investigations and letters on a daily basis. Is it not time that patients were given direct control of their own records, and will the Secretary of State provide an update on that to the House?”

Hunt replied that there were some teething problems that have been “causing problems for GPs”. He said his health minister Nicola Blackwood has been “meeting Capita and people relating to that contract on a fortnightly basis to identify the problems”.

He added that “we have become the first country in the world to give every patient access to their own records online”. From September, “people will be bable to do that without having to go to their GP’s surgery”.

Labour MP Margaret Greenwood told Hunt that a “number of GP practices in Wirral West have made clear to me their concerns about Capita’s handling of confidential patient records”.

She said,

“There have been cases of patient records being delayed when they move to another practice, and in some instances confidential records have not arrived at all… there is also concern that, if a patient is a risk to a doctor because of a mental health issue, that has not been flagged up to medical staff. That is a very serious risk to put staff under.”

She asked Hunt if he shared the view of the chair of the British Medical Association’s GP committee, who said that the GP support services contract was an example of what happens when the NHS tries to cut costs by inviting private companies to do work which they don’t do properly”.

What Google looks for when hiring staff … traits Whitehall’s culture abhors?

By Tony Collins

The contrast between what Google looks for when hiring staff and what Whitehall looks for when making some of its top appointments, could give clues as to why many government IT-based projects and programmes fail.

First, the strengths Google looks for.  These were set out yesterday on BBC R4 by Laszlo Bock,  human resources chief at Google for 10 years.

Google was named “Best Company to Work For” more than 30 times around the world and received over 100 awards as a top employer during Bock’s time.

In 2010, he was named “Human Resources Executive of the Year”. Under him, Google changed its clunky, arduous recruitment processes that relied on gimmicks like maths puzzles to those that helped the company grow to about 60,000 employees in less than two decades.

In 2015 he  published his first book, The New York Times bestseller Work Rules!, a practical guide to help people find meaning in work and improve the way they live and lead. He resigned from Google in 2016.

On the BBC  “Analysis” programme on Monday evening – which looked at intelligence and talent and what they mean, if anything, in job interviews –  Bock said the least important attribute Google screens for is whether someone knows about the job they are taking on. Crunching the data on successful hiring led Google instead to look for these characteristics:

  • Humility
  • Conscientiousness
  • A sense of responsibility not to quit until the job is done well
  • Comfort with ambiguity
  • A sense of fun
  • Courage

Why courage?

Bock said,

“It’s about the importance of people being able to raise their voices in organisations. One of the things that happens is, when organisations get large, people stop raising their voices and really bad things happen as a result. That’s where you get whistleblowing, insider trading, all kinds of things.

“Human beings are evolved, biologically, as social, hierarchy-seeking animals. We tend to conform. So courage is important because the really innovative, creative stuff comes from ‘I got this crazy idea’ and the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.

“Without that you can’t do great things.”

Comment

It’s too easy to generalise about the hiring and appointment of senior civil servants. But it’s possible to understand a little about the hiring culture within Whitehall’s biggest department, the Department for Work and Pensions.

An insight into DWP culture and thinking can be gleaned from the many Lever arch folders of documents filed by the DWP as part of an FOI case in which it spent several years fighting to stop the release of documents about the Universal Credit IT programme.

The documents include DWP witness statements on the “harm” that would be caused if the IT documents in question were published.

The judge in the case, Chris Ryan, challenged most of the DWP’s arguments.

In one of his rulings, Judge Ryan described the DWP’s claims as:

  • alarming and surprising
  • overstated
  • unconvincing
  • close to fanciful

He said that public confidence in the Universal Credit IT programme had been maintained for some time “on a false basis”; and he raised the possibility that an “unhealthily collegiate relationship had developed” between the DWP and private sector IT suppliers. [Campaign4Change will publish a separate blog post on this ruling in the next few days.]

As well as the insight into DWP culture that one can gain from the FOI case, it’s possible to gauge culture and thinking within Whitehall departments from the talented, free-thinking IT individualists who have joined the top layer of the civil service, quit and returned to the private sector.

It would be invidious to pick out some names as there are so many.

What all this suggests is that Whitehall’s culture appreciates conformity and consensus and shuns boat-rocking.

When top IT professionals who joined HMRC and the DWP spoke publicly at conferences about institutional problems that needed to be tackled, mandarins reacted quickly – and such disclosures were never repeated.

And after a leak to the Guardian about the results of a DWP staff survey of morale on the Universal Credit IT programme, the department launched a formal leak inquiry headed by a senior member of the security services.

At the same time, Universal Credit IT programme documents were no longer emailed but transferred around in taxis.

This bout of nervous introspection (the judge described the DWP’s arguments in the FOI case as “defensive”) when taken together with what else we know, indicate that Whitehall’s culture is insular, distrustful and inimical to open challenge and problem-solving (though there are some within the senior Whitehall ranks who successfully defy that culture).

When Bock talks of conformity being a danger within large organisations he would not have had the DWP in mind – but he aptly describes its culture.

When he speaks about the “importance of people being able to raise their voices in organisations” he was probably unaware of the extent to which Whitehall culture abhors raised voices.

As Bock says, when people don’t raise their voices “really bad things happen as a result”. Perhaps the lack of internal challenge was one reason the NHS IT programme – NPfIT – lost billions of pounds, and the DWP’s Universal Credit programme went badly awry for several years.

When Bock says the “really innovative, creative stuff comes from ‘I got this crazy idea’, he could have been describing the culture of the Government Digital Service. But that refreshing GDS culture is being slowly choked by the conservatism of traditional Whitehall departments.

As Bock says, “the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.”  But bad problems are things senior civil servants avoid talking about, even internally. A Disneyland”good news” culture pervades central departments.

A National Audit Office report on the Universal Credit programme referred to a “fortress mentality” within the DWP.

Maybe the consensus-seeking John Manzoni, head of the civil service, and his colleague Sir Jeremy Heywood, Cabinet Secretary, could seek to employ Bock as an adviser on appointments and recruitment.

Bock’s brief? To turn around the senior civil service’s culture of conformity, groupthink, denial, selective use of “good news” facts and a lack of open challenge.

Recognising the destructiveness within a big organisation of having the wrong culture – as Bock does – could be the start of a genuine Whitehall transformation.

BBC R4 “Analysis” on talent, intelligence and recruitment

Laszlo Bock steps down

Whitehall’s outsourcing of IT a “bad mistake” – and other Universal Credit lessons – by ex-DWP minister

By Tony Collins

Lord Freud, former Conservative minister at the Department for Work and Pensions – who is described as the “architect” of Universal Credit – said yesterday that outsourcing IT across government had been a “bad mistake”.

He announced in December 2016 that was retiring from government. Having been the minister for welfare reform who oversaw the Universal Credit programme, Lord Freud yesterday went before the Work and Pensions Committee to answer questions on the troubled scheme.

He said,

“The implementation was harder than I had expected. Maybe that was my own naivety. What I didn’t know, and I don’t think anyone knew, was how bad a mistake it had been for all of government to have sent out their IT.

“It happened in the 1990s and early 2000s. You went to these big firms to build your IT. I think that was a most fundamental mistake, right across government and probably across government in the western world…

We talk about IT as something separate but it isn’t. It is part of your operating system. It’s a tool within a much better system. If you get rid of it, and lose control of it, you don’t know how to build these systems.

“So we had an IT department but it was actually an IT commissioning department. It didn’t know how to do the IT.

“What we actually discovered through the (UC) process was that you had to bring the IT back on board. The department has been rebuilding itself in order to do that. That is a massive job.”

But didn’t DWP civil servants make it clear at the outset that there wasn’t the in-house capability to build Universal Credit?

“The civil service thought it had the capacity because it could commission the big firms – the HPs and the IBMs – to do it. They did not see the problem, and government as a whole did not see the problem of doing it.

“It’s only when you get into building something big you discover what a problem that was…”

Accountability needed

But it was known at the launch of Universal Credit that government IT projects had a history of going wrong. Why hadn’t people [the DWP] learnt those lessons?

“I agree with you. People have found it very hard to work out what was the problem… you need someone doing it who is accountable. But when you commission out, you don’t have that process.

“You need a lot of continuity and that’s not something in our governance process. Ministers turn over very regularly and more importantly civil servants tend to turn over rather regularly because of the pay restrictions – they only get more pay when they are promoted – so there is a two-year promotion round for good people.

“Effectively we had a programme that had been built outside, or with a lot of companies helping us build it.”

Lord Freud explained differences between the two Universal Credit systems being rolled out.

First there is the “live” system [built at a cost of hundreds of millions of pounds that interfaces with legacy benefit systems but is not interactive beyond the initial application form].

The DWP is also rolling out in some pilot areas such as Croydon a “full system” [built at a cost of less than £10m, run on agile principles and is interactive beyond the initial application form].

Lord Freud said,

“The difference between the two is that the live system has all of the essential features of Universal Credit – you get paid an amount at a certain time – but interaction with the system after the initial application is through the telephone or through the post.

“The interactive [“full”] system has the features of Universal Credit but interaction with it is much faster because it’s on the internet. That’s the difference…

“How would I have done it in retrospect?

“The other thing I have discovered about big organisations that I hadn’t understood was it’s very difficult for them to deal with something that’s purely conceptual.

“You need something on the ground. What you should do is get something on the ground quickly – small, maybe imperfect – but the organisation can start coalescing around it, understand it, and start working it.

“Oddly, not having an all-singing, all-dancing system that is now going out, was essential for the organisation to understand what it had and how to adapt it. The IT is only a very small element. Most of the work is around your operations and organisation and how you apply it.

“The second thing we introduced in the 2013 reset was “test and learn”. It’s a phrase but what it means is that you have a system you understand and then test and test, instead of going out with a big system at once. You test all the elements because it’s impossible to envisage how something as big (as Universal Credit) unless you do it like that.

Lessons for government as a whole?

“It was a mistake putting IT out. You have to bring it back in. It’s quite hard to bring it back in because the image of government with the IT industry is not great so you have to set up an atmosphere of getting really good people in, so it’s an attractive place to work; you have to pay them appropriately.

“Our pay scales are not representative of what happens in some of these industries.

Scarce skills

“There are three areas of specialisation that government finds it very hard to buy: various bits of IT, running contracts and project management. Those are three really scarce skills in our economy. We need in government to pay for those specialisms if we are to do big projects.”

Other lessons?

“There’s an odd structure which I don’t quite believe in any more, which is the relationship between the politician – the minister – and the civil service.

“The concept is that the politicians decide what their objectives are and the civil service delivers it. I don’t believe that you can divide policy and implementation in that way. That’s a very big issue because our whole government is built up with that concept and has been for more than 100 years.”

Where does project management fit?

“In theory the civil service produces the project management but it’s an odd circumstance. It didn’t quite happen with Universal Credit. In my first five years I had no fewer than six senior responsible owners and six project managers.

“You can imagine what that was like with something as complicated as Universal Credit when the senior people hadn’t had the time to understand what it was they were dealing with; and what that implied for the minister – me – in terms of holding that together.”

Lord Freud suggested that he was acting as the permanent project manager although he had his normal ministerial duties as well – including being the government’s spokesman in the House of Lords on welfare reform matters.

“As a minister you don’t have time to do project manage a big project. I was sending teams out to make sure we were on top of particular things, which were then reincorporated into the whole process. But it was a very difficult time as we built the department into a capability to do this. There is now a very capable team doing it.”

Comment:

Two of the questions raised by Lord Freud’s comments are: If outsourcing IT is now considered such a bad idea for central government, why is it councils continue to outsource IT?

Would it be better for taxpayers in the long run if the Department for Communities and Local Government intervened to stop such deals going ahead?

Lord Freud’s evidence on Universal Credit programme in full

 

 

 

Southwest One – a positive postscript

By Tony Collins

somerset county council2IBM-led Southwest One has had a mostly bad press since it was set up in 2007. But the story has a positive postscript.

Officials at Somerset County Council now understand what has long been obvious to ICT professionals: that the bulk of an organisation’s savings come from changing the way people work – and less from the ICT itself.

Now that Somerset County Council has the job of running its own IT again – its IT-based relationship with Southwest One ended prematurely in December 2016 – the council’s officials have realised that technology is not an end in itself but an “enabler” of headcount reductions and improvements in productivity.

A 2017 paper by the county council’s “Programme Management Office”  says the council has begun a “technology and people programme” to “contribute to savings via headcount reduction by improving organisational productivity and process efficiency using technology as the key enabler”.

Outsourcing IT a “bad mistake” 

It was in 2007 that Somerset County Council and IBM launched a joint venture, Southwest One. The new company took over the IT staff and some services from the council.

In the nine years since then the council has concluded that outsourcing ICT – thereby separating it from the council’s general operations – was not a good idea.

The same message – that IT is too integral and important to an organisation  to be outsourced – has also reached Whitehall’s biggest department, the Department for Work and Pensions.

Yesterday (8 February 2017) Lord Freud,  who was the Conservative minister in charge of Universal Credit at the Department for Work and Pensions, told MPs that outsourcing IT across government had proved to be a “bad idea”.  He said,

“What I didn’t know, and I don’t think anyone knew, was how bad a mistake it had been for all of government to have sent out their IT…

“You went to these big firms to build your IT. I think that was a most fundamental mistake, right across government  and probably across government in the western world …

” We talk about IT as something separate but it isn’t. It is part of your operating system. It’s a tool within a much better system. If you get rid of it, and lose control of it, you don’t know how to build these systems.

” So we had an IT department but it was actually an IT commissioning department. It didn’t know how to do the IT.

“What we actually discovered through the (Universal Credit) process was that you had to bring the IT back on board. The department has been rebuilding itself in order to do that. That is a massive job.”

Task facing Somerset officials

Somerset County Council says in its paper that the council now suffers from what it describes as:

  • Duplicated effort
  • Inefficient business processes
  • A reliance on traditional ways of working (paper-based and meeting-focused).
  • Technology that is not sufficient to meet business needs
  • Inadequate data extraction that does not support evidence based decision making.
  • “Significant under-investment in IT”.

To help tackle these problems the council says it needs a shift in culture. This would enable the workforce to change the way it works.  

From January 2017 to 2021, the council plans “organisation and people-led transformational change focused on opportunities arising from targeted systems review outcomes”.

The council’s officers hope this will lead to

  • Less unproductive time in travelling and  attending some statutory duties such as court proceedings.
  • Fewer meetings.
  • Reduced management time because of fewer people to manage e.g. supervision, appraisal, performance and sickness.
  • Reduced infrastructure spend because fewer people will mean cuts in building and office costs, and IT equipment. Also less training would be required.
  • Reduction in business support process and roles.
  • Reduction in hard copy file storage and retention.

 The council has discovered that it could, for instance, with changes in working practices supported by the right technology,  conduct the same number of social services assessments with fewer front- line social workers or increase the level of assessments with the same number of staff.

Southwest One continues to provide outsourced services to Avon and Somerset Police. The contract expires next year.

Comment

Somerset County Council is taking a bold, almost private sector approach to IT.

Its paper on “technology and people” says in essence that the council cannot  save much money by IT change alone.

Genuine savings are to be found in changing ways of working and thus reducing headcount. This will require very close working – and agreement – between IT and the business end-users within the council.

It is an innovative approach for a council.

The downside is that there are major financial risks, such as a big upfront spend with Microsoft that may or may not more than pay for itself.

Does outsourcing IT ever make sense?

Somerset County Council is not an international organisation like BP where outsourcing and standardising IT across many countries can make sense.

The wider implication of Somerset’s experience – and the experience of the Department for Work and Pensions – is that outsourcing IT in the public sector is rarely a good idea.

Thank you to Dave Orr, who worked for Somerset County Council as an IT analyst and who has, since the Southwest One contract was signed in 2007, campaigned for more openness over the implications of the deal.

He has been more effective than any Somerset councillor in holding to account the county council, Taunton Deane Borough Council and Avon and Somerset Police, over the Southwest One deal.  He alerted Campaign4Change to Somerset’s “Technology and People Programme” Somerset paper.

One of Orr’s recent discoveries is that the council’s IT assets at the start of the Southwest One contract were worth about £8m and at hand-back in December 2016 were worth just £0.32m, despite various technology refreshes.

Somerset County Council’s “Technology and People Programme” paper

Whitehall’s outsourcing IT a “bad mistake” – and other Universal Credit lessons, by a former DWP minister

Birmingham Council to “close down” contract with Capita when it ends in 2021

By Tony Collins

Birmingham City Council has said in a job advert that it plans to “close down” its joint venture contract with Capita when it expires in 2021.

The advert was discovered by Government Computing which has reported the job requirements in detail.

Capita and Birmingham City Council have one of the largest and longest IT-based outsourcing contracts in the public sector.

It began in 2006 when the council and Capita set up a joint venture “Service Birmingham”. The council has spent about £85m to £120m a year on the contract which puts the total cost of the deal so far at more than £1bn.

Government Computing reports that the council is seeking an assistant director ICT and digital services and CIO role. The job will include a task to “oversee the effective closedown of the current Service Birmingham ICT contract”.

This suggests the council is unlikely to renew the existing contract. It could decide to sign a new outsourcing deal but the signs so far are that the council will bring services in-house in 2021.

The council says in the job advert it wants to move to an “increasingly agile state of continuous business transformation”.

Nigel Kletz, director of commissioning and procurement for Birmingham City Council, told Government Computing,  “The current Service Birmingham contract has four years still to run (until 2021), so this role will lead the implementation of the ICT and digital strategy, which includes developing a transition programme to identify and then implement ICT delivery options going forward.

“Decisions on how ICT support is provided from 2021 onwards are yet to be taken.”

Capita did not add to the council’s statement.

Alan Mo, research director at public sector analysis group Kable, is quoted in Government Computing as saying,

“When it comes to ICT, Birmingham is the largest spending council in the UK. Given what’s at stake, we cannot over emphasise the importance of early planning…

“As we know, Service Birmingham has been under a huge amount of scrutiny over the past few years. Given the trends in local government, it would not surprise us if Birmingham prefers to go down the in-sourcing path; the council has already opted to take back contact centre services.”

Projected savings of “£1bn” 

Service Birmingham lists on its website some of the benefits from the joint venture.

  • Projected cost savings of £1bn back to the Council over the initial 10-year term, for reinvestment in services
  • £2m investment in a new server estate
  • Rationalising 550 applications to 150
  • Consolidated 7 service desks into 2
  • 500% improvement in e-mail speed
  • Help desk calls answered within 20 seconds increased from 40% to nearly 90%

Service Birmingham provides Birmingham City Council’s IT, along with a council tax and business rates administration service. The council has discussed taking back in-house the council tax  element of the contract. 

Capita has run into trouble on some of its major contracts, including one with the NHS to supply services to GPs.

Comment

It appears that Capita has served its purpose and put the council into a position where it can take back ICT services now that are in a better state than they were  at the start of the contract 2006.

Austerity is the enemy of such large public sector IT-based outsourcing contracts.  When councils can afford to spend huge sums – via monthly, quarterly and annual service charges – on so-called “transformation”, all may be well for such deals.

Their high costs can be publicly justified on the basis of routine annual efficiency “savings” which do not by law have to be verified.

The downfall for such deals comes when councils have to make large savings that may go well beyond the numbers that go into press releases. It’s known that Birmingham City Council has been in almost continuous negotiation to reduce the annual sums paid to Capita.

Capita is not a charity. How can it continue to transform ICT and other services, pay the increasing salaries of 200 more people than were seconded from the council in 2006, accept large reductions in its service changes and still make a reasonable profit?

It makes economic sense, if Birmingham needs to pay much less for IT, to take back the service.

It’s a pity that austerity has such force in local government but not in central government where IT profligacy is commonplace.

Job spec for senior Birmingham IT post looks towards end of Service Birmingham ICT deal – Government Computing