The real reason NHS Risk Register is a State secret?

By Tony Collins

Yesterday  (15 May 2012) the Information Commissioner Christopher Graham issued a finely-crafted report to Parliament on his concerns about the Government’s use of a ministerial veto to stop publication of the Transition Risk Register relating to health service reforms.

Graham’s concern is that the veto represents a new and worrying approach to Freedom of Information.

Graham cannot do anything about the veto but he can warn MPs when he feels the Government has gone too far. This he has done in his report which says that the previous three occasions on which the ministerial veto has been exercised related to the disclosure of Cabinet material under FOIA. Now the Government has applied the veto to information held by the Department of Health.

Says yesterday’s report: “ The Commissioner would wish to record his concern that the exercise of the veto in this case extends its use into other areas of the policy process. It represents a departure from the position adopted in the Statement of Policy and therefore marks a significant step in the Government’s approach to freedom of information.”

The Government’s decision to ban publication of the health service risk register is particularly relevant to IT-related projects. This is because the government uses exactly the same arguments to ban contemporaneous publication of Gateway reviews and other independent assessments of IT-related projects and programmes.

Risk registers and Gateway reviews of IT-enabled change projects are similar. They are designed to identify all the main risks associated with the project or programme and have a red/amber/green system of rating the risks.

The Government’s argues that risk registers (and Gateway reviews) are researched and written in a “safe space” that allows civil servants to give advice and recommendations in a frank way. This candour would be compromised if the civil servants thought their advice would be published, says the Government.

In issuing a veto on the health risk register Andrew Lansley, the Health Secretary said, in essence, that he could not trust civil servants to be entirely honest if they knew their reports would be made public.

Said Lansley:  “If risk registers are routinely or regularly disclosed at highly sensitive times in relation to highly sensitive issues, or there is legitimate concern that they could be, it is highly likely that the form and content will change: to make the content more anodyne; to strip out controversial issues or downplay them; to include argument as to why risks might be worth taking; to water down the RAG [red,amber, green] system.

“They would be drafted as public facing documents designed to manage the public perception of risk; not as frank internal working tools. These consequences (many of them insidious) would be to the detriment of good government.”

Lansley also wanted to ban publication to pre-empt sensational media coverage.  In this he was repeating the arguments made by civil servants under Labour who refused, under the FOI Act, to publish risk registers and Gateway reviews.  Said Lansley “I consider that the form and the frankness of the content of TRR [health service Transition Risk Register] would have been liable to create sensationalised reporting and debate.

“The content would also have been inherently highly open to misinterpretation by both the press seeking a headline and/or for political reasons. The likelihood of this occurring is particularly acute where the subject matter is, as with the Transition programme, controversial and the proposals at a highly sensitive stage.”

But the Commissioner did not accept that disclosure of the Transition Risk Register would affect the frankness and candour of future risk registers. The Commissioner also said that a ministerial veto should, by law, be made only in exceptional circumstances.  But the Government has failed to explain why there are exceptional circumstances in this case.  Said the Commissioner:

“The Commissioner does not consider that sufficient reasons have been given as to why this case is considered to be exceptional, particularly in light of the [Information] Tribunal’s decision dismissing the Department’s [Department of Health’s] appeal.

“The Commissioner notes that much of the argument advanced as to why the case is considered to be exceptional merely repeats the arguments previously made to Commissioner and the Tribunal and which were in part dismissed by the Tribunal.”

Graham concludes:

“In light of previous commitments he has made, and the interest shown by past Select Committees in the use of the ministerial veto, the Commissioner intends to lay a report before Parliament under section 49(2) FOIA on each occasion that the veto is exercised. This document fulfils that commitment.

“ Laying this report is an indication of the Commissioner’s concern to ensure that the exercise of the veto does not go unnoticed by Parliament and, it is hoped, will serve to underline the Commissioner’s view that the exercise of the ministerial veto in any future case should be genuinely exceptional…

“The arguments employed by the Department at the Tribunal and by the Secretary of State in explanation of the subsequent veto, both in the Statement of Reasons and in exchanges in the House of Commons around the Ministerial Statement, certainly use the language of ‘exceptional circumstances’ and ‘matter of principle’. But the arguments are deployed in support of what is in fact the direct opposite of the exceptional – a generally less qualified, and therefore more predictable, ‘safe space’.

“As such, the Government’s approach in this matter appears to have most to do with how the law might be changed to apply differently in future. This question falls naturally to consideration by the Justice Committee who have been undertaking post-legislative scrutiny of the Act.”


The reason for the veto in the case of the health service risk register has little to do with protecting a safe space for frank discussion.

Civil servants already compile risk registers, Gateway reviews and similar reports on the basis that they may, at some point, be published. Officials are no more likely to be frank if they know their reports will be confidential than more guarded if they know the documents will be published. They will do what their job entails. Their job requires honesty. They will do that job whether or not reports are published.

The real reason for the veto – and the refusal of departments to publish all contemporaneous internal reports on large and complex programmes, particularly those with a large IT element – is that some new schemes within Government operate at a shambolic level.

Any new government, whatever its hue, soon learns to keep secret the fact that such programmes are sometimes characterised by near anarchy.

One outsider to the UK government, Australian David Pitchford, discovered the truth when he became Executive Director of Major Projects within the Efficiency and Reform Group which is part of the Cabinet Office. Pitchford may not have realised his comments would be reported when he told a project management conference in 2010 that “nobody in the UK Government seems to know how many projects they have on the books, nor how much these are likely to cost”.

He found that projects were launched, and continued, without agreed budgets or business cases.  Today, there is better scrutiny of major projects, by the Cabinet Office’s Major Projects Authority. But the MPA is limited in what it can do or scrutinise. Which leaves government in a general mess when it comes to implementing anything new.

Evidence for this mess comes from the National Audit Office. Its auditors tend to investigate departments as a whole more than they do specific projects but when they do the careful reader can see that projects such as the Rural Payments Agency’s Single Payment Scheme (a scant regard for public funds, said the NAO) and the C-NOMIS project for the prison service (kindergarten mistakes, said chair of Public Accounts Committee) were without a structure. Chaos prevailed – and ministers were among the last to know.

Publication of project reports encourages professionalism. Departmental heads can be held to account if Parliament knows what has gone wrong. That’s precisely the reason departmental heads don’t want risk registers and other project reports published. It’s why all internal reports on Universal Credit, the government’s biggest IT-related project, are kept secret in spite of FOI requests.

The ministerial veto in the case of the NHS risk register is the government and civil service colluding in keeping the public and Parliament in ignorance of internal management’s inability to run complex new projects and programmes in a professional way.

Ministers and permanent secretaries don’t especially mind media criticisms that are based on speculation. They don’t want their critics having authoritative internal reports. That’s why the Cabinet agreed the health service veto – and it’s one reason the government has a not-very-hidden aversion to the FOI Act.

The coalition cannot justly claim to cherish open government while it is refusing so many requests under FOI to publish contemporaneous taxpayer-funded reports on its major schemes.

We agree with the Information Commissioner that use of the ministerial veto is a step too far. No number of announcements by the Cabinet Office on open government will gloss over the fact that the coalition is even more secretive about mega-projects than Labour. That’s saying something.

2 responses to “The real reason NHS Risk Register is a State secret?

  1. Déjà vu!
    I could tell you a few stories but would end up being locked in the Tower no doubt.


  2. “No number of announcements by the Cabinet Office on open government will gloss over the fact that the coalition is even more secretive about mega-projects than Labour. That’s saying something.”

    So good it’s impossible to add more.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.