By Tony Collins
Facing the TV cameras, officials at Somerset County Council spoke with confidence about the new joint venture company they had set up with the “world-class” IT supplier IBM.
“The contract has to succeed; we will make it succeed, ” a senior official said at the time. Greater choice for residents, more control, sustained improvement of services, improved efficiency, tens of millions in savings and enhanced job prospects for staff.
These were some of the promises in 2007.
Since then, Somerset County Council has been through a costly legal dispute with IBM; projected savings have become losses, and Somerset is days away from taking back the service early.
Now the council faces new IT-related risks to its reputation and finances, warns a team of auditors.
In several audit reports on the exit arrangements, auditors warn of a series of uncertainties about:
- what exactly IT assets the council will own as of 1 December 2016, when the joint venture hands back IT and staff.
- how much software may not be licensed, therefore being used illicitly.
- how much software is being paid for without being needed or used, wasting council tax money.
- whether thousands of pieces of hardware have been disposed of securely over the years of the contract, or whether confidential data could later turn up in the public domain.
- the accuracy of some supplied information. “… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four” said auditors.
That Somerset County Council laments setting up the Southwest One joint venture with IBM is not new. What continues to surprise is the extent of the difficulties of ending the joint venture cleanly – despite months, indeed more than a year – of preparatory work.
The realty is that uncertainties and risks abound.
When IT journalists ask leading councillors and officers at the start of outsourcing/joint venture deals whether all the most potentially serious risks have been given proper consideration, the spokespeople inevitably sound supremely confident.
If things go wrong, they are sure the council will be able to take back the service under secure arrangements that have been properly planned and written into the contract.
Yet today some of the most potentially serious risks to Somerset’s finances and reputation come from continuing threats such as the possibility confidential data being found on old hardware not securely disposed of.
Or the council may be paying for unneeded software licences.
In short Somerset County Council is taking back the IT service on 1 December 2016 without being certain what it will find.
In future, therefore, when councillors and officials across the country talk with supreme confidence at the start of an outsourcing deal or joint venture about large savings, sustained efficiencies, and a step-change improvement in services that comes with the benefits of collaborating with a world-class private-sector partner, local residents will have every right to be deeply sceptical.
For the reality is more likely to be that the council and its world-class supplier are about to embark on a journey into the unknown.
Thank you to campaigner Dave Orr for alerting me to the council audit reports that made this post possible.
Excerpts from reports due to be considered by Somerset County Council’s Audit Committee next week (29 November 2016):
“… laptops, servers, storage devices, networking equipment, etc.) have been disposed of without the correct documentation historically, throughout the term with SWO [Southwest One]. There is a high likelihood that without the documentation to show that SWO were meant to have previously disposed of any specific data baring assets in a compliant manner then subsequent fines and loss of reputation will need to be dealt with by the Council.
“This is being addressed as part of the exit works but initial investigations show an expected lack of documentation.
“The quality of asset management and therefore exposure to risk (over and above this inherited risk) is expected to improve significantly once asset management returns to SCC [Somerset County Council).”
“Asset locations have been updated and improved though there are still issues regarding all asset details not being recorded accurately in the Asset Register. There is a risk that if wrong details are recorded against an asset then incorrect decisions could be made regarding these assets which may in turn cause the Council financial loss and/or loss of reputation.”
“… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four.”
“Software assets are now included in the monthly asset register report though the information collected and lack of correlation to meaningful license information means the original risk is not fully mitigated.
“This continued lack of software asset usage information against licensing proof of entitlement as well as the obvious risk of illegally using non licensed software there is also a risk that the Council is wasting public funds and Council officer’s time to manage unnecessary software. This means the Council will not be able to show “Best Value” in these purchases which could lead to fines being imposed by Central Government and loss of reputation by the inefficiencies being reported in the media.”
“I cannot though see evidence of the warranty & support arrangements being recorded or accurate recording of end of life assets. Due to a lack of or incorrect detail on the asset information there is the risk of incorrect decisions being made regarding an asset’s usage which could then lead to loss of money or reputation for the Council.”