Category Archives: Campaign4Change

Did Gauke and Couling break free today of DWP “good news” stance on Universal Credit rollout?

By Tony Collins

Two leaders of the Universal Credit rollout, David Gauke and Neil Couling, faced MPs’ questioning this morning on problems with the rollout of Universal Credit.

They were asked, among other things, about excessive delays in payments and payments made on the basis of incorrect data.

Gauke and Couling appeared before the work and pensions committee. There is also a Commons debate today on the Universal Credit rollout.

Gauke, the work and pensions secretary, and civil servant Neil Couling, Director General of Universal Credit, are known to resent criticism of the Universal Credit programme or its rollout.

Couling tweeted last week, in response to academic Jonathan Portas:

But MPs on the work and pensions committee, particularly its chairman Frank Field,  are sensitive to the DWP’s “good news” culture.

Field is reported to have said he suspected that ministers had only pressed ahead with the accelerated rollout of universal credit this month because civil servants at the Department for Work and Pensions had withheld the true scale of the problems.

Field said:

“Given everything we have heard, I was surprised that David Gauke opted to proceed with the accelerated rollout.

“I strongly suspect his decision, together with the failure to tell us anything, reflects a culture at the DWP of those most invested in universal credit not telling anyone, including their ministers, bad news.”

In its 2013 report “Universal Credit Early Progress“, the National Audit Office said,

“Both the Major Projects Authority [now the Infrastructure and Projects Authority] and a supplier-led review in mid-2012 identified problems with staff culture; including a ‘fortress mentality’ within the programme.

“The latter also reported there was a culture of ‘good news’ reporting that limited open discussion of risks and stifled challenge.”

BBC Radio 4’s Today programme heard this morning (18 October 2017) that a Universal Credit claimant who’d been the victim of “mistake after mistake” on his claim had threatened to take his own life and police had been called.

Update:

Gauke and Couling told the work and pensions committee this morning that the rollout may be paused in January 2018 as part of the department’s test and learn philosophy. They called it a “fire-break.  Couling said the rollout was paused in February 2016 for two months and “nobody noticed”.

He added that he was prepared to advise his minister, the Treasury and the prime minister to pause the rollout whenever the “evidence merits”..

Gauke said the advantages of the Universal Credit system were of such a “prize” that there was  cost of slowing down the rollout. “It can transform lives and it’s my determination is to deliver this successfully,” said Gauke.

Gauke and Couling told MPs that the rollout was working successfully. Neither expressed any criticisms of the programme or the rollout; and neither accepted the many criticisms of the committee’s MPs of the programme. At one point, Couling helpfully suggested to the committee some of the questions they “should” have been asking.

Where there were problems it was outside the DWP’s control – because of information supplied, or not supplied, by claimants or employers. The real-time information supplied to DWP by HM Revenue and Customs was only as good as the information provided to HMRC by employers.

Comment:

There’s universal support for the idea of Universal Credit. But there is almost universal criticism of the way it is being rolled out. Critics of the rollout also find it difficult to understand the DWP’s continuing refusal to accept that there are any serious problems.

For decades the DWP and its predecessor the Department of Social Security have been culturally unable to accept criticism of any of their big IT-based projects and programmes, even after a project was aborted.

One DWP director last year used the word “paranoid” when referring to her colleagues and their concerns about leaks of any bad news on the Universal Credit programme.

The DWP routinely declines FOI requests to publish its performance reviews on the Universal Credit programme. This lack of official information on the DWP’s performance leaves officials and ministers free to say that criticism of the programme is subjective or anecdotal.

Stephen Crabb was one of the few politicians who have ever made a difference to the DWP’s closed culture of secrecy and defensiveness. He ordered that internal reports on the risks and progress of the Universal Credit programme be released, against the advice of his civil servants. But Crabb didn’t stay long.

And the “good news” culture has returned, as unremitting as ever. Will any minister or civil servant be able to change the DWP’s “good news” culture?

Probably not.

The DWP’s permanent secretary Robert Devereux is retiring in January 2018, which will open the door to a successor who could try and change the department’s defensive culture.

It’s more likely, however, that Devereux’s replacement will be chosen on the basis that he or she will be a “safe pair of hands” which, in civil service terms, means a staunch defender of the department, its performance, all it is doing and the civil service in general.

However many independent voices call for a brake on the Universal Credit rollout, it seems inevitable that the DWP’s mandarins (and their pliant ministers) will carry on doing whatever they can justify to themselves.

The DWP hasn’t let humility or democratic openness get in the way before. Why would it give in to them now?

 

Advertisements

Is Gauke being told the whole truth on Universal Credit’s rollout problems?

By Tony Collins

“It is working,” said Work and Pensions secretary David Gauke in Manchester yesterday. He was referring to a plan to accelerate the rollout of Universal Credit from this month.

“I can confirm that the rollout will continue, and to the planned timetable,” he added.

But are civil servants giving Gauke – and each other – full and unexpurgated briefings on the state of the Universal Credit programme?

Last year, in a high-level DWP document that government lawyers asked a judge not to release for publication, a DWP director referred to

“a lack of candour and honesty throughout the [Universal Credit] programme.”

Senior civil servants were not passing bad news on the state of the Universal Credit IT programme even to each other.

The DWP document was dated several years after Iain Duncan-Smith, the original force behind the introduction of Universal Credit, found his internal DWP briefings on the state of the UC programme so inadequate – a “good news” culture prevailed – that he brought in his own external advisers – what he called his “red team”.

In 2013 the National Audit Office, in a report on Universal Credit, said a “good news” mentality within the DWP prevented problems being discussed.

If problems could not be discussed they could not be addressed.

Last year the Institute for Government, in a report on Universal Credit, said IT employees at the DWP’s Warrington offices burst into tears with relief when at last permitted – by external advisers –  to talk openly about problems on the programme.

The Work and Pensions Committee has questioned why DWP ministers told MPs all was going well with the programme when it was well behind schedule and beset with problems.

The Public Accounts Committee called the DWP “evasive and selective” when it came to passing on information about the state of the Universal Credit programme.

Is there any reason to believe that the “fortress mentality” that the NAO referred to in its report on Universal Credit in 2013 is no longer present?

When David Gauke announced yesterday that he is continuing the rollout of Universal Credit, was he basing his decision on the full facts – or a “good news” version of it as told to him by the DWP?

Comment

David Gauke will have been given the “new minister” treatment when he joined the DWP on 11 June 2017.

“The first thing you’ve got to overcome when you walk through the door is that everybody is being almost far too nice to you,” said one of Gauke’s predecessors, Iain Duncan Smith. He was speaking in 2016 after leaving the DWP.

IDS was much criticised for assuring Parliament all was well with the Universal Credit IT programme when it wasn’t. But maybe he was right to point out that, when he joined the DWP, he found that the “biggest cultural barrier” was getting civil servants to be honest about difficulties.

“The Civil Service, legitimately, see it as their role to deliver on politicians’ policy demands and this can sometimes make them resistant to the idea that they should inform you early of problems,” said IDS.

It was IDS who told BBC’s Radio 4 Today programme in December 2013, that Universal Credit was on track.

“It’s on budget. It’s on budget. Some 6.5million people will be on the system by the end of 2017.”

In fact, fewer than 700,000 people are claiming Universal Credit,  according to the latest DWP statistics.

DWP’s 30 years of a “good news” culture

In the past 30 years, it has been almost unknown for the DWP’s mandarins to concede that they have had serious problems with any of their major IT-based projects and programmes.

Perhaps it’s understandable, then, that Gauke apparently refuses to listen to critics and continues with the accelerated rollout of Universal Credit.

Would he have any idea that the Citizens Advice Bureau, in a carefully-researched report this year, said that some claimants are on the DWP’s “live service” (managed by large IT suppliers) which is “rarely updated” while other claimants are on a separate “full service” – what the CAB calls a “test and learn” system – which is still being designed?

Would Gauke know of the specific concerns of the all-party Work and Pensions Committee which wrote to the DWP earlier this year about Universal Credit decision makers being “overly reliant on information from [HMRC’s] Real-time information” even when there is “compelling evidence” that this data is  incorrect?

Would Gauke have any reason to believe those who refer to regular computer breakdowns and inaccurate and inconsistent data?

In the DWP’s own document that it did not want published, the DWP director said that, internally, “people stopped sharing comments which could be interpreted as criticism of the Programme, even when those comments would be useful as part of something like an MPA [Major Projects Authority] review.”

Many staff believed the official line was ‘everything is fine’. Nobody wanted to be seen to contradict it.

All this suggests that the DWP will carry on much as before, regardless of external criticism.  Individual ministers are accountable but they move on. Their jobs are temporary. It’s the permanent civil service that really matters when it comes to the implementation of Universal Credit.

But mandarins are neither elected nor effectively accountable.

NHS IT programme?

There may be some comparisons between Universal Credit and the NHS IT programme, the £10bn NPfIT.

A plethora of independent organisations and individuals expressed concerns about the NPfIT but minister after minister dismissed criticisms and continued the rollout. The NPfIT was dismantled many years later, in 2011. Billions was wasted.

Based on their civil service briefings, NPfIT ministers had no reason to believe the programme’s critics.

Universal Credit has more support than the NPfIT and the IT is generally welcomed, not shunned. But the Universal Credit rollout is clearly not in a position yet to be speeded up.

Whether Gauke will recognise this before his time is up at the DWP is another matter.

Like IDS, Stephen Crabb and Damian Green – all secretaries of state during the rollout of Universal Credit – Gauke will move on and his successor will get the “new minister” treatment.

And the cycle of ministerial “good news” briefings will continue.

Perhaps the DWP’s senior civil servants believe they’re protecting their secretaries of state.

As the civil servant Bernard Woolley said in “Yes Minister”

“If people don’t know what you’re doing, they don’t know what you’re doing wrong.”

Thank you to David Orr, an ardent campaigner for open government, who alerted me to Universal Credit developments that form part of this article.

HMRC appoints Microsoft executive as head of IT

By Tony Collins

Government Computing reports that HMRC has appointed a new chief digital and information officer, Jacky Wright, who is currently Microsoft’s corporate vice-president, Core Platform Engineering.

Theresa May ratified Wright’s appointment. Candidates were considered from across the civil service and the public and private sectors, and internationally.

The chief executive of HMRC Jon Thompson said,

“Jacky is a seasoned commercial leader with ‘best in class’ credentials, globally. Balancing strong operating experience with a record of driving innovation… Her influence as a technology leader and as a champion for the role of women and BAME [black, Asian, minority ethnic) in industry, is a major win for this organisation.”

Wright will take up her appointment from 16 October. She said,

“I am passionate about the impact innovation can have in truly transforming services for people and businesses in a positive way and want to continue the great work being done within HMRC and across the Civil Service at this time. I am proud to represent women and BAME in technology and will continue to promote the vital role of diversity within our industry and more broadly.”

One of HMRC’s biggest IT challenges in the coming months and years will be to detach itself from the £10bn “Aspire” outsourcing deal in which Capgemini and Fujitsu are the main suppliers.

Aspire is being broken up. HMRC says the contract is already “dead” but the department will rely on Capgemini as a strategic supplier until June 2020 and most probably beyond. HMRC has spent at least £720m a year on Aspire since 2008, including 2015/16.

Comment:

After spending years trying to distance itself from major IT suppliers, HMRC has appointed a top Microsoft executive as its new head of IT.

That said, Wright is an excellent appointment. She’s widely recognized for her contributions to the technology industry and for championing diversity. She has been in Britain’s Powerlist 100 of Most Influential People, the Top 100 BAME Leaders in Business, and Savoy Magazine’s Top Women list.

The challenge for Wright will be to use her influence and skills in a civil service that, at the top level, may not fully appreciate her. Will she feel sufficiently valued and stay?

Francis Maude – the former IT reformer and Cabinet Office minister – said in a Speaker’s Lecture this week that the civil service values policy experts more than operational and technical leaders.

“Policy nearly always trumps operational and technical skills for the leadership roles,” said Lord Maude.

“It feels like a class divide: there are the white-collar policy mandarins, and the blue-collar technicians who do operations, finance, procurement, IT and digital, project management, HR, and so on.

“All the attempts to create genuine parity of esteem have failed. This has to change in the future. Many government failures could have been prevented if operational and technical teams had the same access to Ministers as do policy officials.”

In working for HMRC,  Wright may need to acclimatise to a civil service culture that could, at times, strike her as frustrating, closed and irrational.  HMRC’s former IT chiefs include Steve Lamey, Phil Pavitt and Mark Dearnley.

Will an innovations specialist of Wright’s calibre last at HMRC? If she does, it could imply that HMRC is defying the civil service culture and is valuing a top international IT professional.

If she doesn’t last, it could imply that she has been hired as a Formula One driver and then given a Prius to race.

The Prius is an impressive piece of machinery. But it’ll never go particularly fast, however expertly it’s driven.

Microsoft’s Jacky Wright named as HMRC’s new CDIO

 

Nine-year outsourcing deal caught on camera?

By Tony Collins

This photo is of a Southwest One board that was surplus to requirements.

Southwest One continues to provide outsourced services to Avon and Somerset Police. The 10-year contract expires next year.

But unless Southwest One continues to provide residual IT services to the police, the company – which is owned by IBM – will be left without its three original public partners.

Photo a metaphor?

IBM and Somerset County Council set up Southwest One in 2007  to propel council services “beyond excellence”.

Joining in the venture were Taunton Deane Borough Council and Avon and Somerset Police. The hope was that it would recruit other organisations,  bringing down costs for all.

It didn’t happen.

An outsourcing deal that was supposed to save Somerset residents about £180m over 10 years ended early, in 2016, with losses for the residents of about £70m. The council and Southwest One settled a High Court legal dispute in 2013.

Taunton Deane Borough Council also ended the deal early, in 2016.

Comment

Was it all the fault of Southwest One? Probably not. The success of the deal was always going to be judged, to some extent, on an assumption that other organisations would join Southwest One.

When that didn’t happen, two councils and a police force had to bear the main costs.

There was also the inherent problem that exists with most big council outsourcing deals: that it’s always difficult for a supplier to innovate, save money on the costs of running council services, invest significantly more in IT, spend less overall and still produce a healthy profit for the parent company.

It could be done if the council, police force or other public body was manifestly inefficient. But Somerset County Council outsourced what was, by its own admission, an excellent IT organisation.

Some at the time had no doubts about how the outsourcing deal would end up.

Southwest One – The complete story by Dave Orr

 

FT reports on a death after Post Office Horizon IT system shortfall

By Tony Collins

The FT reported yesterday on a class action against the Post Office over the “faulty” Horizon IT system.

In an article or more than 1,000 words, it said that 522 former sub-postmasters are involved in the legal action.

A procedural hearing with a managing judge will take place in October 2017, which should lead to a timetable for final resolution by the court.

The FT reported on two families (previously unpublicised cases) whose lives have been devastated by shortfalls shown on the Post Office’s Horizon branch accounting system.  In one case, the Post Office dismissed Deirdre Connolly, a former sub-postmistress, after an apparent shortfall of £15,600. The alleged deficit was found during an unannounced branch audit.

The FT said that, out of fear, she made up the apparent loss with help from relatives. The Post Office did not prosecute. Her son later attempted suicide, which she attributed to his witnessing the stress she was under.

The FT also reported on a successful businessman, Phil Cowan, whose business ventures included a post office in Edinburgh run by his wife and her friend. He said that a £30,000 deficit shown on the branch electronic ledger account was a factor in his wife’s death from an accidental overdose of anti-depressants, alcohol and cold medicine. She was 47.

He attributed the shortfall to a technical glitch.

Cowan told the FT,

“This situation I know for a fact had a huge contribution to her passing away. It had a massive effect on her.”

In 2015 the Daily Mail reported on Martin Griffiths, a sub-postmaster from Chester, who stepped in front of a bus one morning in September 2013.

An inquest heard that Griffiths, 59, was being pursued by the Post Office over an alleged shortfall of tens of thousands of pounds.

The Post Office reached a settlement with his widow and required the terms of it to be kept confidential.

Court case

The legal action between the Post Office and the sub-postmasters could be said to be a simple one, at least from the PO’s perspective. Sub-postmasters signed a contract that held them responsible for losses shown on the branch accounting system (whether or not there was any evidence they gained from the shortfalls).

The Post Office’s lawyers will argue that there is no evidence that Horizon or any of its related elements such as network and communications equipment was to blame for the losses. Under its contract with sub-postmasters, the Post Office is entitled to pursue the former sub-postmasters for the losses.

It is this contract that is the main point of legal relevance, rather than claims by sub-postmasters that the losses were not real, that they didn’t steal any money and have had their lives, and their family’s lives, ruined by the Post Office’s actions against them.

For the sub-postmasters, lawyers will argue that errors were caused by software bugs and inadequate training and support. The FT article referred to a “pattern of bullying and intimidation by the Post Office dating back to shortly after Horizon was rolled out”.

After shortfalls were discovered, people were held and their homes searched,  Alan Bates of the Justice for Sub-postmasters Alliance told the FT. Freeths solicitors are handling the Alliance’s case.

Comment

The Post Office’s enforcement of its contract with sub-postmasters after discrepancies were found on Horizon raises the question of whether the law in this case has little – or perhaps nothing – to do with right and wrong.

The Post Office may have a contractual right to pursue former sub-postmasters for shortfalls shown on Horizon.

But does the Post Office’s conformance with the law – its contractual right to take action – make the action right?

In Vermont, it’s unlawful for women to be fitted with false teeth without the written permission of their husbands. It would be perfectly legal for Vermont’s lawyers to prosecute offenders. But being lawful to prosecute doesn’t make it right to do so.

It was perfectly lawful for the state to prosecute Alan Turing in 1952 (and Oscar Wilde in 1895) for homosexual acts. That the prosecutions were lawful (and were possible factors in their premature deaths) didn’t make the prosecutions right.

If NASA made its space missions conditional on a requirement that astronauts sign a contract that made them responsible for anything that went wrong, they would probably sign – because of their overwhelming desire to go into space. But if something went wrong would it be right for NASA to enforce the contact (assuming the astronauts survived?).

It can be lawful to enforce a contract but wrong to do so.

Post Office happy?

The Post Office (which is still publicly owned) sounds relaxed about going to court. The FT quoted the Post Office as saying,

“We welcome [the group litigation order] as offering the best opportunity for the matters in dispute to be heard and resolved.

“We will be continuing to address the allegations through the court’s processes and will not otherwise comment on litigation whilst it is ongoing.”

Even at this late stage, it’s not too late for the Post Office’s directors to ponder on the matter of right and wrong rather than go ahead with a court case merely because they can.

They have the power to exacerbate the devastation for hundreds of families. They also have the power to withdraw from the court case, settle and reduce the risk of any further personal tragedies.

This is where the distinction between enforcing a legal right and doing the right thing couldn’t be clearer.

Post Office faces class action over “faulty” IT system – FT

Shedding new light on the Post Office Horizon IT controversy?

IT staff pay price of helping to solve BBC’s gender pay gap?

By Tony Collins

The Register reported yesterday that hundreds of IT roles at the BBC will be offshored to cheaper wage locations under a £560m contract renewal with its incumbent outsourcing supplier Atos.

Atos executives said in a conference call heard by The Register that a new “Aurora” IT contract model will involve a significant amount of offshoring and new tooling. The new contract is due to start in October.

Employees may go into an “availability pool” and some may be redeployed within Atos.

Only a few are expected to stay on the BBC account. Most of the roles may be exported to Atos centres in Poland and India. About 400 Atos staff are affected.

Last week James Purnell, BBC director of Radio and Education, told  Newsnight that the £75m expected to be saved from the IT programme with Atos could help address the gender pay gap.

Thank you to David Orr for alerting me to The Register’s article.

 

 

Is Barnet Council up to the job of managing its suppliers – including Capita?

By Tony Collins

Tonight (27 July 2017) Barnet Council’s audit committee meets to discuss the interim year-end findings of BDO, its external auditor.

BDO identifies a “significant risk” in relation to the council’s contract management and monitoring. There are “numerous issues”, says BDO.

Barnet is well known in the local government community for having adopted a “commissioning council” concept. This means it has outsourced the vast majority of its services, leaving officers and the ruling Conservative group to set policy and monitor suppliers.

Capita is a main supplier. Its responsibilities include cemeteries, ICT and collecting council tax.

BDO’s report for tonight’s council meeting says that, with the council’s services now being delivered through various outsourcing arrangements, “it is important to establish strong contract management and monitoring controls”.

It adds that such controls “allow the Council to ascertain whether or not it is receiving value for money from the use of its contractors, and to take remedial action where issues are identified”.

On this point – contract management and monitoring –  BDO says,

“During the course of 2016/17 we have noted a number of internal audit reports which have raised significant findings in this area.

“In addition, further concerns have been identified through our own audit work. As such, we have recognised a significant risk to our use of resources [value for money] opinion.”

BDO’s findings are interim. It cannot finalise its final statutory report until many questions are answered and errors, financial misstatements and lapses in disclosure are corrected in Barnet’s draft financial accounts.

The auditors comment in their report on the “number and value of errors found” and the “level of misstatement in the current year accounts”.

These are some of BDO’s findings so far:

  • Large advance payments (about £44m in prepayments) as part of the Customer Service Group contracts with Capita. Not all of the payments were set out in the payments profile of the original contract. Significant payments were made at the start of the contract (and in subsequent years) to cover capital investment and transformational expenditure. The financial profile of the contract anticipates the advance payments being used by 2023. One advance payment of £19.1m in December 2016 covers service charge payments relating to the first three quarters of 2017/18. The council receives a £0.5m discount for paying in advance. The council also paid for some projects in advance. BDO finds that there was proper council scrutiny of the decision to make the payments.
  • Barnet overspent on services in 2016/2017 by £8.3m.
  • There’s a budget gap prior to identified savings of £53.9m over the three years to 2020.
  • There’s a substantial depletion in the council’s financial reserves.
  • Will claimed savings materialise? “Savings targets remain significant and achievement of these will be inherently challenging, as evidenced by the overspend in 2016/17.”
  • Net spending on the Customer and Support Group contracts with Capita increased to £34.4m in 2016/17 from £26.9m the previous year.
  • More than 100 officials at Barnet receive at least £60,000 a year and twelve at least £100,000.
  • Some councillors have failed to make formal declarations. A “poor response rate as compared to other authorities” says BDO’s report.

Comment:

You’d think a “commissioning council” – one that outsources the delivery of most of its services – would, above all, have a firm grip on what its main suppliers are doing and what they’re charging for.

In fact BDO’s report for tonight council meeting rates the council’s contract management and monitoring at “red”. BDO has identified “numerous” issues.

It’s easy for Barnet Council to issue press releases on the tens of millions it claims to have saved on its contracts with Capita.

But BDO possesses the facts and figures; and it questions the council’s “use of resources” – in other words “value for money”.

At the outset of its joint venture with IBM, officials at Somerset County Council spoke of planned savings of £180m over 10 years. In fact the deal ended up losing at least £69m.

Barnet blogger “Mr Reasonable” who has long kept a close eye on payments made by Barnet to Capita doubts that the council is up to the job of properly scrutinising Capita. We agree.

It was clear to many in 2013 when Barnet signed contracts with Capita that the council was unlikely to find the money to acquire adequate contract monitoring expertise and resources, given that its suppliers were required to deliver such a wide range of complex services.

Barnet Council’s most adept scrutineers, rather than local councillors, have proved to be its dogged local bloggers who include Derek Dishman (Mr Mustard), John Dix (Mr Reasonable), Theresa Musgrove (Mrs Angry) and Roger Tichborne (The Barnet Eye).

Had ruling councillors taken local blogger warnings more seriously, would they have specifically avoided becoming a “commissioning council”?

Public sector not reporting multiple cyber attacks

By Tony Collins

Successful cyber attacks on parts of the NHS and some councils and universities have not been reported to the police – even where criminals have locked information and demanded ransom payments, an investigation by The Yorkshire Post found.

The National Crime Agency, which is the UK’s lead agency against organised crime, human, weapon and drug trafficking and cyber crime, has said that “under-reporting of cyber crime remains a key barrier to our understanding of its true scale and cost”.

Its comments were aimed at the directors in the private sector. But it’s clear that the public sector is not setting an example.

The Yorkshire Post says that the Mid Yorkshire Hospitals NHS Trust had two ransomware attacks last year in which data was encrypted on some departmental drives with demands for payment made to unlock it. While no payment was made and the information recovered from back-up systems, neither incident was reported to police.

Barnsley Council had 13 successful ransomware attacks since April 2016 and none was reported to the police. No ransoms were paid, data was restored from back-up systems and accounts were disabled and changed to “render any captured credentials of little use”.

Three of Yorkshire’s universities had almost 300 successful attacks in the 
last three years. None was reported to police.

The 
University of York had 237 incidents which included nine distributed denial of service attacks and a further seven incidents in which servers were “compromised” by hackers.

A spokesman for the university said: “We did not consider that any incident caused sufficient loss, either monetary or of data, to justify reporting to the police.”

The University of Huddersfield had 54 successful attempts and nothing was reported to the police “due to low level impact”.

Ensuring the buck stops nowhere?

In a National Audit Office blog, the NAO’s cyber director Tom McDonald and digital transformation specialists Yvonne Gallagher (who’s a former CIO in two government departments) and Max Tse pointed to a lack of accountability in the public sector for deterring cyber attacks and managing the risks.

In health, for example, the Department of Health’s delegates to NHS England, which funds over 200 local clinical commissioning groups to purchase care from local health trusts.

Social care is the responsibility of the larger local authorities who are accountable to their local electors.

NHS Digital has some overview of data and IT systems for the health and social care sectors (through its management of national NHS IT systems, such as the NHS Spine or N3 Network) and it has a dedicated Data Security Centre, but it has no authority over councils and trusts to ensure even simple security measures are implemented locally, such as software updates and patches.

The National Audit Office found that, across government, “there has been little coherence between the several lines of governance and senior oversight of cyber and information security”.

It added,

“A number of organisations and a plethora of working-level groups have been involved in cyber security and supporting digital transformation across government. The government itself has described these arrangements as an ‘alphabet soup’.”

There’s also a shortage of IT security skills in the public sector, which is exacerbated by the high number of so-called “transformation” projects and programmes and a reliance on legacy systems such as Windows XP which proved vulnerable in the WannaCry attack, said the National Audit Office.

Comment

The government could make it mandatory for Whitehall, councils, the NHS and other parts of the public sector – including the police – to report incidents to the National Crime Agency.

It’s unlikely to happen though.

There’s a woeful lack of reporting and accountability in the public sector on IT-related matters.  WannaCry and hundreds of other “successful” incidents in public sector in the past year will not make any difference.

That the public sector will work to reduce the ill effects of cyber attacks is a given. It’s also inevitable that it’ll work hard at ensuring, in line with culture and convention, that, when there are “successful” incidents, the buck stops nowhere.

Thank you to Zara Pradyer for alerting me to the Yorkshire Post article.

Whitehall renews facade of openness on major IT projects

By Tony Collins

Headlines yesterday on the state of major government IT projects were mixed.

Government Computing said,

“IPA: Whitehall major projects show ‘slow and steady’ delivery improvement”

Computer Weekly said,

“Government IT projects improving – but several still in doubt”

The Register said,

“One-quarter of UK.gov IT projects at high risk of failure – Digital borders, digital tax and raft of MoJ projects singled out”

The headlines were prompted by the Infrastructure and Projects Authority’s annual report which was published yesterday.

The report listed the RAG – red/amber/green – status of each of 143 major projects in the government’s  £455bn major projects portfolio. Thirty-nine of these are ICT projects, worth a total of £18.6bn.

Publication of the projects’ red/amber/green status – called the “Delivery Confidence Assessment” – seemed a sign that the government was being open over the state of its major IT and other projects.

A reversal of decades of secrecy over the progress or otherwise of major IT projects and programmes?

In a foreword to the Infrastructure and Project Authority’s report, two ministers referred twice to the government’s commitment to openness and accountability.

MP Caroline Nokes, Cabinet Office minister, and MP Andrew Jones, a Treasury minister, said in their joint foreword,

“The government is also committed to transparency, and to being responsive and accountable to the public we serve.

“Accordingly, we have collected and published this data consistently over the past five years, enabling us to track the progress of projects on the GMPP [Government Major Projects Portfolio] over time.

“We will continue to be responsive and accountable to the public.”

But the report says nothing about the current state of major IT projects. The delivery confidence assessments are dated September 2016. They are 10 months out of date.

This is because senior civil servants – some of whom may be the “dinosaurs” that former minister Francis Maude referred to last month – have refused to allow politicians to publish the red/amber/gtreen status of major projects (including the Universal Credit programme and the smart meters rollout) unless the information, when published, is at least six months old.

[Perhaps one reason is to give departmental and agency press officers an opportunity to respond to journalists’ questions by saying that the red, red/amber of amber status of a particular major project is out of date.]

Amber – but why?

An amber rating means that “successful delivery appears feasible but significant issues already exist” though any problems “appear resolvable”.

In September 2016 the Universal Credit programme was at amber but we don’t know why. Neither the IPA or the Department for Work and Pensions mention any of the “issues”.

The £11bn smart meters rollout is also at amber and again we don’t know why. Neither the IPA nor the Department for Business, Energy and Industrial Strategy mention any of the “issues”. Permanent secretaries are allowed to keep under wraps the IPA’s reasons for the red/amber/green assessments.

Even FOI requests for basic project information have been refused.  Computer Weekly said,

“Costs for the Verify programme were also withheld from the IPA report, again citing exemptions under FOI.”

Comment

The senior civil servants who, in practice, set the rules for what the Infrastructure and Projects Authority can and cannot publish on major government projects and programmes are likely to be the “dinosaurs” that former Cabinet Office minister Francis Maude referred to last month.

Maude said that Whtehall reforms require that new ministers “face down the obstruction and prevarication from the self-interested dinosaur tendency in the mandarinate.”

Clearly that hasn’t happened yet.

The real information about Universal Credit’s progress and problems will come not from the Infrastructure and Projects Authority – or the Department for Work and Pensions – but from local authoritities, housing associations, landlord organistions, charities and consumer groups such the Citizen’s Advice Bureau (which has called for Universal Credit to be halted), the local press, the National Audit Office and Parliamentary committees such as the Public Accounts Committee and Work and Pensions Committee.

On the smart meter rollout, the real information will come not from the Infrastructure and Projects Authority – or the Department for Business, Energy and Industrial Strategy – but from business journalist Paul Lewis, consumer advocate Martin Lewis, business organistions such as the Institute of Directors,  experts such as Nick Hunn, the Energy and Climate Change Committee and even energy companies such as EDF.

Much of this “real” information will almost certainly be denied by Whitehall press officers. They’ll be briefed by senior officials to give business journalists only selected “good news” facts on a project’s progress and costs.

All of this means that the Infrastructure and Projects Authority may have good advice for departments and agencies on how to avoid project failures – and its tact and deference will be welcomed by permanent secretaries – but it’s likely the IPA will be all but useless in providing early warnings to Parliament and the public of incipient project disasters.

Ministers and some senior civil servants talk regularly about the government’s commitment to openness and accountability. When it will start applying to major government IT projects?

 

UK.gov watchdog didn’t red flag any IT projects. And that alone should be a red flag to everyone

 

 

 

 

Why are councils hiding exit costs of outsourcing deals – embarrassment perhaps?

Tony Collins

Excerpt from Taunton Deane council’s confidential “pink pages”.
The last sentence contains a warning that IBM-owned SWO – Southwest One – may try to “maximise revenues” on exiting its joint venture with the council.

Somerset County Council has refused a Freedom of Information request for the costs of exiting its joint venture with IBM.

But a secret report written last year by officers at Taunton Deane Borough Council – which was a party to the IBM-owned joint venture company Southwest One  – warned that the supplier could attempt to “maximise revenues on exit”.

It said,

“… from experience anything slightly ambiguous within the contract is likely to be challenged by SWO [Southwest One] in order to push it into the chargeable category as they attempt to maximise revenues on exit”.

A separate section of the confidential report said,

“disaggregating from the SWO [Southwest One] contract will be complex and expensive …”

Taunton Deane Borough Council did not tell councillors what the exit turned out to be. The figures are also being kept secret by Somerset County Council which signed the “transformative” SWO joint venture deal with IBM in 2007.

Both councils have now brought back services in-house.

Secrecy over the exit costs is in contrast to Somerset’s willingness to talk in public about the potential savings when local television news covered the setting up of Southwest One in 2007.

The silence will fuel some local suspicions that exit costs have proved considerable and will have contributed to the justifications for Somerset’s large council tax rise this year.

£69m losses?

David Orr, a former Somerset County Council IT employee, has followed closely the costs of the joint venture, and particularly its SAP-based “transformation.

It was his FOI request for details of the exit costs that the council refused.

Orr says that Somerset has lost money as a result of the Southwest One deal. Instead of saving £180m, the joint venture has cost the council £69m, he says.

FOI

Under the Freedom of Information Act, Orr asked Somerset for the “total contract termination costs” including legal, consultancy, negotiation, asset valuations, audit and extra staffing.

He also asked whether IBM was paid compensation for early termination of the Southwest One contract. In replying, the council said,

“The Authority exited from a significant contract with Southwest One early, and the services delivered through this contract were brought back in-house in November 2016.

“The Authority expects the costs to fall significantly now it has regained control of those services.

“Somerset County Council made payment under the ‘Termination for Convenience’ provisions of the original contract. We do hold further information but will not be releasing it at this point as we believe to do so would damage the commercial interests of the County Council, in that it would prejudice the our negotiating position in future contract termination agreements in that it would give contractors details on what terms the Council was willing to settle …”

Orr will appeal. He says the Information Commissioner has already established a principle with Suffolk Coastal District Council that the termination costs of a contract with a third party should be disclosed. The commissioner told Suffolk Coastal council that, in opting out of FOI,

“there is no exemption for embarrassment”

Hidden costs

Taunton’s pink pages paper said that the Southwest One contract’s Exit Management Plan provided for a smooth transfer of services and data, and for access to staff to assess skills and do due diligence.

In practice, though, there were many exit-related complications and costs – potential and actual. The paper warned that Taunton would need to find the money for:

  • Exit programme and project management costs
  • Early termination fees
  • Contingency
  • ICT infrastructure disaggregation
  • Service transition and accommodation costs
  • Disaggregating SAP from Southwest One. Also the council would need to exit its SAP-based shared services with Somerset County Council because the estimated costs were lower when run on a non shared services basis. SAP covered finance, procurement, HR, payroll, website and customer relationship management.
  • Costs involved in a “soft” or “hard” (adversarial) exit.
  • Estimating council exit costs when IBM was keeping secret its own Southwest One running costs.
  • Staff transfer issues.

Comment

So much for open government. It tends to apply when disclosures will not embarrass local government officials.

In 2007 Somerset County Council enjoyed local TV, radio and newspaper coverage of the new joint venture with IBM. Officials spoke proudly on camera of the benefits for local taxpayers, particularly the huge savings.

Now, ten years later, the losses are stacking up. Former Somerset IT employee and FOI campaigner Dave Orr puts the losses at £69m. And local officials are keeping secret the further exit costs.

Suffolk Coastal District Council lost an FOI case to withhold details of how much it paid in compensation to a third party contractor to terminate a contract. But at least it had published its other exit costs.

Somerset is more secretive. It is withholding details of the sums it paid to IBM in compensation for ending the joint venture early; it also refuses to publish its other exit costs.

Trust?

Can anything said by councils such as Somerset or Barnet in support of major outsourcing/joint venture deals be trusted if the claimed savings figures are not audited and the other side of the story – the hidden costs – are, well, hidden?

In local elections, residents choose councillors but they have no say over the appointment of the permanent officials. It’s the officials who decide when to refuse FOI requests; and they usually decide whether the council will tell only one side of the story when public statements are made on outsourcing/joint ventures.

Across the UK, local councils employed 3,400 press and communications staff –  about double the total number in central government – in part to promote the authorities’ services and activities.

What’s the point if they publicise only one side of the story – the benefits and not the costs?

Somerset’s decision to refuse Orr’s reasonable FOI request makes, in its own small way, a mockery of open government.

It also gives just cause for Somerset residents to be sceptical about any council statement on the benefits of its services and activities.