Category Archives: change management

Civil servant in charge of £9.3bn IT project is not shown internal review report on scheme’s failings.

By Tony Collins

“If people don’t know what you’re doing, they don’t know what you’re doing wrong” – Sir Arnold Robinson, Cabinet Secretary, Yes Minister, episode 1, Open Government.

Home Office officials kept secret from the man in charge of a £9.3bn project a report that showed the scheme in serious trouble.

The Emergency Services Network is being designed to give police, ambulance crew and firemen voice and data communications to replace existing “Airwave” radios.  The Home Office’s permanent secretary Philip Rutnam describes the network under development as a “mission-critical, safety-critical, safety-of-life service”.

But Home Office officials working on the programme did not show an internal review report on the scheme’s problems to either Rutnam or Stephen Webb, the senior responsible owner. They are the two civil servants accountable to Parliament for the project.

Their unawareness of the report made an early rescue of the Emergency Services Network IT programme less likely. The scheme is now several years behind its original schedule, at least £3.1bn over budget and may never work satisfactorily.

The report’s non circulation raises the question of whether Whitehall’s preoccupation with good news and its suppression of the other side of the story is killing off major government IT-based schemes.

With the Emergency Services Network delayed – it was due to start working in 2017 – police, ambulance and fire services are having to make do with the ageing Airwave system which is poor at handling data.

Meanwhile Motorola – which is Airwave’s monopoly supplier and also a main supplier of the Emergency Services Network – is picking up billions of pounds in extra payments to keep Airwave going.

Motorola may continue to receive large extra payments indefinitely if the Emergency Services Network is never implemented to the satisfaction of he emergency services.

EE is due to deliver the network component of the Emergency Services Network. Motorola is due to supply software and systems and Kellogg Brown & Root is the Home Office’s delivery partner in implementing the scheme.

Has Whitehall secrecy over IT reports become a self-parody?

The hidden report in the case of the Emergency Services Network was written in 2016, a year after the scheme started. It said that dialogue between suppliers, notably EE and Motorola, did not start until after the effective delivery dates. Integration is still the main programme risk.

MP SIr Geoffrey Clifton Brown has told the Public Accounts Committee that the report highlighted an absence of clarity regarding dependency on the interface providers, which caused something of an impasse.

He said the report “alluded to the fact that that [a lack of clarity around integration] remains one of the most serious issues and is not showing any signs of resolution”.

Stephen Webb has been in charge of the project since its start but he is the business owner, the so-called “senior responsible owner” rather than the programme’s IT head.

In the private sector, the IT team would be expected to report routinely to a scheme’s business owner.

But in central government, secrecy over internal assurance reports on the progress or otherwise of major IT-related projects is a Whitehall convention that dates back decades.

Such reports are not published or shared internally except on a “need-to-know” basis. It emerged during legal proceedings over the Universal Credit IT programme that IT project teams kept reports secret because they were “paranoid” and “suspicious” of colleagues who might leak documents that indicated the programme was in trouble.

As a result, IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”; and Universal Credit programme papers were watermarked.

The secrecy had no positive effect on the Universal Credit programme which is currently running 11 years behind its original schedule.

Webb has told MPs he was “surprised” not to have seen review report on the Emergency Services Network. He discovered the report’s existence almost by accident when he read about it in a different report written a year later by Simon Ricketts, former Rolls Royce CIO.

This month the Public Accounts Committee criticised the “unhealthy good news” culture at the Home Office. The Committee blamed this culture for the report’s not being shown to Webb.

The Home Office says it doesn’t know why Webb was not shown the “Peter Edwards” report. The following was an exchange at the Public Accounts Committee between MP Sir Geoffrey Clifton-Brown, Webb and Rutnam.

Clifton-Brown: When you did that due diligence, were you aware of the Peter Edwards report prepared in the fourth quarter of 2016?

Rutnam: No, I’m afraid I was not. The Peter Edwards report on what exactly, sorry?

Clifton-Brown: Into the problems with ESN [Emergency Services Network], in particular in relation to suppliers.

Rutnam: I do not recall it. It may have been drawn to my attention, but I’m afraid I do not recall it.

Webb: It was an internal report done on the programme. I have not seen it either.

Clifton-Brown: You have not seen it either, Mr Webb—the documents tell us that. Why have you not seen such an important report? As somebody who was in charge of the team—a senior responsible officer—why had you not seen that report?

Webb: I don’t know. I was surprised to read it in Simon’s report. [Simon Ricketts.]

Chair: Who commissioned it?

Webb: The programme leadership at the time.

Chair: That is the board?

Webb: The programme director. It was a report to him about how he should best improve the governance. I think he probably saw it as a bit of an external assurance. It probably would have been better to share it with me, but that was not done at the time.

Clifton-Brown: “Probably would have been better to share it”? That report said that dialogue between suppliers, notably EE and Motorola, only started after the effective delivery dates. The report highlighted that there was not clarity regarding dependency on the interface providers, and that caused something of an impasse. It also alluded to the fact that that remains one of the most serious issues and is not showing any signs of resolution. That was in 2016, in that report. Had that report been disseminated, would we still be in the position that we are today?

Webb: I think that we would have wanted to bring forward the sort of [independent] review that the Home Secretary commissioned, and we would have done it at an earlier date.

Clifton-Brown: Why did you need to? You would not have needed to commission another review. You could have started getting to the root of the problem there and then if you had seen that report.

Webb: Yes.

Comment:

Webb and Rutman seem highly competent civil servants to judge from the open way they answered the questions of MPs on the Public Accounts Committee.

But they did not design the Emergency Services Network scheme which, clearly, had flawed integration plans even before contracts were awarded.

With no effective challenge internally and everything decided in secret, officials involved in the design did what they thought best and nobody knew then whether they were right or wrong. With hindsight it’s easy to see they were wrong.

But doing everything in secret and with no effective challenge is Whitehall’s  systemically flawed way of working on nearly all major government IT contracts and it explains why they fail routinely.

Extraordinary?

It’s extraordinary – and not extraordinary at all – that the two people accountable to Parliament for the £9.3bn Emergency Services Network were not shown a review report that would have provided an early warning the project was in serious trouble.

Now it’s possible, perhaps even likely, the Emergency Services Network will end up being added to the long list of failures of government IT-based programmes over the last 30 years.

Every project on that list has two things in common: Whitehall’s obsession with good news and the simultaneous suppression of all review reports that could sully the good news picture.

But you cannot run a big IT-based project successfully unless you discuss problems openly. IT projects are about solving problems. If you cannot admit that problems exist you cannot solve them.

When officials keep the problems to themselves, they ensure that ministers can be told all is well. Hence, ministers kept telling Parliament all was well with the £10bn National Programme for IT in the NHS  – until the scheme was eventually dismantled in 2011.

Parliament, the media and the public usually discover the truth only when a project is cancelled, ends up in the High Court or is the subject of a National Audit Office report.

With creative flair, senior civil servants will give Parliament, the National Audit Office and information tribunals a host of reasons why review reports on major projects must be kept confidential.

But they know it’s nonsense. The truth is that civil servants want their good news stories to remain uncontradicted by the disclosure of any internal review reports.

Take the smart meters roll-out. Internal review reports are being kept secret while officials give ministers and the Department for Business, Energy and Industrial Strategy the good news only. Thus, the latest Whitehall report on smart meters says,

“Millions of households and small businesses have made the smart choice to get a smart meter with over 12.8 million1 operating in smart mode across Great Britain. This world leading roll out puts consumers firmly in control of their energy use and will bring an end to estimated bills.”

Nothing is said about millions of homes having had “smart” meters installed that are neither smart nor compatible for the second generation of smart meters which have a set of problems of their own.

The answer?

For more than 30 years the National Audit Office and the Public Accounts Committee have published seemingly unique reports that each highlight a different set of problems. But nobody joins the dots.

Sir Arnold, the Cabinet Secretary said in “Yes Minister“, that open government is a contradiction in terms. “You can be open, or you can have government.

This is more than a line in a TV satire.  It is applied thinking in every layer of the top echelons of civil service.

Collective responsibility means civil servants have little to fear from programme failures. But they care about departmental embarrassment. If reviews into the progress or otherwise of IT-enabled programmes are published, civil servants are likely to be motivated to avoid repeating obvious mistakes of the past. They may be motivated to join the dots.

But continue to keep the review reports secret and new sets of civil servants will, unknowingly each time, treat every project as unique. They will repeat the same mistakes of old and be surprised every time the project collapses.

That the civil service will never allow review reports of IT programmes to be published routinely is a given. If the reports were released, their disclosure of problems and risks could undermine the good news stories ministers, supported by the civil service, want to feel free to publish.

For it’s a Whitehall convention that the civil service will support ministerial statements whether they are accurate or not, balanced or not.

Therefore, with review reports being kept secret and the obsession with good news being wholly supported by the civil service, government’s reputation for delivering successful IT-based programmes is likely to remain tarnished.

And taxpayers, no doubt, will continue to lose billions of pounds on failed schemes.  All because governments and the civil service cannot bring themselves to give Parliament and the media – or even those in charge of multi-billion pound programmes –  the other side of the story.

Home Office’s “unhealthy good news culture” blamed for Emergency Services Network Delays – Civil Service World

Emergency Services Network is an emergency now – The Register

Home Office not on top of emergency services programme – Public Accounts Committee report, July 2019

Advertisements

Are councils short of money? Only for public services

By Tony Collins

Councils are short of money for public services – but not for senior officers’ pay-offs or botched deals.

A recent case is highlighted by Somerset’s County Gazette.

It says that restructuring costs for a newly-created council – in which two local authorities merged to save money by way of a “digital revolution” – are likely to double after more people than expected took redundancy.

The new council is expected to pay about £6m in redundancies instead of the target figure of £3m.

According to Somerset’s County Gazette, the pay-outs include £343,000 to the former chief executive of one of the two councils in the merger, Taunton Deane Borough Council, which was a founder member of the failed Somerset One joint venture with IBM.

The Southwest One enterprise cost taxpayers tens of millions of pounds more than it saved.

Now it emerges that five other senior officers involved in the Somerset merger plans have received pay-offs of more than £100,000 each; and although 191 council staff were laid off last year as part of the merger plans, the new council is now considering recruiting dozens of much-needed extra staff.

Campaigner David Orr, a former IT professional at Somerset County Council, has written to the chief executive of newly-created Somerset West and Taunton Council, to express concerns about pay-offs, consultancy costs involved in the merger and what he called the “failed transformation”.

Somerset West and Taunton Liberal Democrat councillor Mike Rigby said,

This [the merger] is a spectacular failure. An uncontrolled exodus of staff, walking away with tens or even hundreds of thousands of pounds, in advance of a “digital revolution” that never arrived.

The council thought it could lose 120 staff as 250 council services went online. The problem is that 191 staff left while fewer than 20 services are available online.

“No consideration as to whether any of those 191 staff were carrying out essential duties so now we’re having to fill many of the redundant roles.

“An utter shambles … It’ll take some time to put this all back together.”

The new chief executive of Somerset West and Taunton Council, told the BBC,

“We’ve overshot that target (£3m), mainly because people put their hands up for voluntary redundancy…

“I think ultimately, people who were eligible to apply for voluntary redundancy decided to take that opportunity.” He said there had been no limit on the number of employees eligible for voluntary redundancy.

“There was an acceptance that if people wanted to take voluntary redundancy, they could do – that’s the way it was set up.

Short of money?

Although councils are said to be short of money for public services – it was reported in 2017 that many were facing bankruptcy – the Taxpayers’ Alliance said last month that, across the country, 2,441 council officers  — a four-year high – earned at least £100,000 a year with 607 of those receiving at least £150,000 in 2017-18.

A total of 28 local authority employees received remuneration in excess of a quarter of a million pounds in 2017-18.

One council has 55 employees earning more than £100,000.

Councils say they need to pay the equivalent of private sector salaries to attract the right people to run large and complex local authorities.

A Local Government Association spokesperson said councils are  “large, complex organisations” that make a “huge difference” to people’s lives.

The spokesperson added: “Senior pay is always decided by democratically elected councillors in an open and transparent way.”

Comment

IT-led transformations are fun. They are a break from routine and great for the CV.

The supplier gains. Those at the council working on the transformation gain. A win-win. Even the public may gain if anyone can ascertain from a complicated deal whether any savings have been made.

If the deal fails,  nobody is constitutionally accountable except the volunteer councillors.

And councils seem to follow the principle that every overtly botched IT-led transformation needs to be followed by a new IT-led transformation. If that doesn’t succeed, a third may make up for the other two.

All the while, senior council officers continue to receive no-risk salaries of £100,000 + and/or large pay-offs.

Large amounts of money paid to senior officers does a disservice to the mass of lower or middle grade council officers who earn appropriate sums and bear the same risks of losing their jobs as anyone in the private sector.

Why do councils exist?

Botched deals leave less for public services. And the more senior council officers continue to receive large sums of money whether their councils succeed or not,  the more they will reinforce the fat cat stereotype and convince people that councils exist for their own benefit rather than the public’s.

As more public services disappear while the cost of the council payroll soars, the more people will wonder whether their local council would prefer not to offer any services at all.

A Yes Minister episode had officials boasting of the efficiency of a newly-built and fully-equipped NHS hospital that had no patients.

The hospital was fully staffed with 500 administrators and ancillary workers but had no money left for any nurses or doctors.

Is this where councils’ public services are headed?

Thank you to campaigner David Orr who seeks to hold those in power in Somerset to account.

 

Capita’s problems were “preventable” says Royal London

By Tony Collins

Royal London, a Capita investor, said yesterday it has been “raising concerns about Capita’s weak governance with the firm for a number of years, and voting against many resolutions on director re-elections and pay consistently since 2014.”

Royal London is the UK’s largest mutual life, pensions and investment company. It managed £113bn of funds as of 31 December 2017. It owns a 0.44% stake in Capita.

Ashley Hamilton Claxton, Royal London Asset Mananagement’s Head of Responsible Investment, said in a statement,

“We welcome the honesty and transparency with which Capita’s new CEO has accepted the company’s past failings, and put a plan in place to simplify and improve the business. However, we believe this was preventable and have been privately raising concerns about Capita’s weak governance with the firm for a number of years, and voting against many resolutions on director re-elections and pay consistently since 2014.

“Until recently, Capita’s board flouted one of the basic rules of the corporate governance code, with a small board primarily comprised of management insiders. The result was a board that lacked the independent spirit to rigorously assess whether the company was making the right long-term decisions.

“Our concerns about governance were compounded by the complexity of the underlying business and the company’s acquisition strategy. Capita’s approach to remuneration also left something to be desired, with major losses in 2013 being excluded from the profit figures used to assess the bonuses paid to executives at the firm.

“The sea change in the board over the past 18 months has been welcome and has addressed the key issue of independence. It will be up to the new Chairman and the Board to ensure that Capita does not repeat the mistakes of the past, and that its strategy is fit for purpose during a particularly turbulent time for the outsourcing sector.”

Last week Capita issued a profits warning and announced plans to raise £700m from investors to reduce debts.

With Capita seeking to raise money and cut costs, where will this leave local government customers that are reliant on the supplier to cut the costs of running local services?

Barnet Council has, controversially, contracted out a large chunk of its services to Capita – and also gives the company tens of millions in advance payments in return for a discount on the supplier’s fees.

By becoming a “commissioning council”, Barnet has made itself wholly reliant on Capita, say critics of the outsourcing deal. Among other responsibilities, Capita produced the council’s latest annual accounts – including a financial account of its own services to the council. The accounts were not produced on time which created extra chargeable work for the council’s auditors BDO.

Capita has run into problems on a number of its major outsourcing deals. The National Audit Office is investigating its work on GP support services.

Councillor Barry Rawlings, leader of the Labour group in Barnet, said the profits warning and Capita’s low share price raised questions about how it may respond to further troubles.

He told The Guardian that Capita may be looking to cut back services it supplies.

“Capita handles all of the back office, enforcement, planning, environmental health, trading standards, estates, payroll and so on. Will that be part of their core services? We might be one of the only places they do some things. If they narrow their scope, what is going to happen to these services?

Conservative leader of  Barnet council, Councillor Richard Cornelius, said,  “Capita currently runs approximately 10 per cent of our services by value. They do not run the entire council as some reports have suggested.

“The council regularly reviews the financial status of its major suppliers as part of its contract management and contingency planning arrangements. This is what any responsible local authority would do.”

Capita’s share price has more than halved in the last month – from about 400p to a low on 1 February 2018 of 158p – but today rose by about 10% to 196.

Comment

When an outsourcing giant is looking to cut its costs and raise money to cover debts, how does that square with local government customers that also want to cut costs – which is why they outsourced to Capita?

Outsourcing can make good sense – when for example a global company like BP wants to standardise IT services across the world. It doesn’t always make sense when an organisation wants a service transformation while also cutting costs. Something usually has to give which, perhaps, Barnet Council and its taxpayers are slowly finding out.

Ministers told of major problem on Capita NHS contract more than a year later

By Tony Collins

Today’s Financial Times and other newspapers cover a National Audit Office report into GP clinical notes and correspondence, some of it urgent, that was not directed to the patient’s GP.

The correspondence was archived by Capita under its contract to provide GP support services. But patient notes were still “live”. They included patient invitation letters, treatment/diagnosis notes, test results and documents/referrals marked ‘urgent’.

What isn’t well reported is that ministers were left in the dark about the problems for more than a year. The National Audit Office does not blame anyone – its remit does not include questioning policy decisions – but its report is impressive in setting out of the facts.

Before NHS England outsourced GP support services to Capita in 2015, GPs practices sent correspondence for patients that were not registered at their practice to local primary care services centres, which would attempt to redirect the mail.

By the time Capita took over GP support services on 1 September 2015, GPs were supposed to “return to sender” any correspondence that was sent to them incorrectly – and not send it to primary care services centres that were now run, in part, by Capita.

But some GPs continued to send incorrectly-addressed correspondence to the primary care services centres. Capita’s contract did not require it to redirect clinical correspondence.

An unknown number of GP practices continued to send mail to the centres, expecting the centre’s staff to redirect it. A further complication was that Capita had “transformation” plans to cut costs by closing the primary care services support centres.

Capita made an inventory of all records at each site and shared this with NHS England. The inventories made reference to ‘clinical notes’ but at this point no one identified these notes as live clinical correspondence. Capita stored the correspondence in its archive.

In line with its contract, Capita did not forward the mail. It was not until May 2016 – eight months after Capita took over the primary care services centres – that Capita told a member of NHS England’s primary care support team that there was a problem with an unquantified accumulation of clinical notes.

It was a further five months before Capita formally reported the incident to NHS England. At that time Capita estimated that there was an accumulation of hundreds of thousands of clinical notes. When the National Audit Office questioned Capita on the matter, it replied that, with hindsight, it believes it could have reported the backlog sooner.

In November 2016, Capita and NHS England carried out initial checks on the reported backlog of 580,000 clinical notes. It wasn’t until December 2016 that ministers were informed of problems – more than a year after Capita took over the contract.

Even in December 2016 ministers were not fully informed. Information about a backlog of live clinical notes was within in a number of items in the quarterly ministerial reports. NHS England did not report the matter to the Department of Health until April 2017 – about two years after the problems began.

Even then, officials told ministers that clinical notes had been sampled and were considered “low clinical and patient risk”. But a later study by NHS England’s National Incident Team identified a backlog of 1,811 high priority patient notes such as documents deemed to be related to screening or urgent test results.

The National Audit Office says, “NHS England expects to know by March 2018 whether there has been any harm to patients as a result of the delay in redirecting correspondence. NHS England will investigate further where GPs have identified that there could be potential harm to patients. The review will be led by NHS England’s national clinical directors, with consultant level input where required.”

Last month Richard Vautrey, chairman of British Medical Association’s General Practitioners Committee, wrote to the NHS Chief Executive Simon Stevens criticising a lack of substantial improvement on Capita’s contract to run primary care service centres.

In December, the GP Committee surveyed practices and individual GPs on the Capita contract. The results showed a little improvement across all service lines, when compared to its previous survey in October 2016, but a “significant deterioration” in some services. Vautrey’s letter said,

“While any new organisation takes time to take over services effectively, the situation has gone from bad to worse since Capita took over the PCSE [Primary Care Support England] service almost two and a half years ago …

“This situation is completely unacceptable. As a result of the lack of improvement in the service delivery of PCSE we are now left with no option but to support practices and individual doctors in taking legal routes to seek resolution. While this is taking place, we believe it is imperative that NHS England conducts a transparent and comprehensive review of all policy, procedures and processes used by PCSE across each service line.”

Comment:

It’ll be clear to some who read the NAO report that the problems with urgent patient notes going astray or being put mistakenly into storage, stems from NHS England’s decision to outsource a complex range of GP support services without fully considering – or caring about – what could go wrong.

It’s not yet known if patients have come to harm. It’s clear, though, that patients have been caught in the middle of a major administrative blunder that has complex causes and for which nobody in particular can be held responsible.

That ministers learned of a major failure on a public sector outsourcing deal over a year after live patient notes began to be archived is not surprising.

About four million civil and public servants have strict rules governing confidentiality. There are no requirements for civil and public service openness except when it comes to the Freedom of Information Act which many officials can – and do – easily circumvent.

Even today, the fourth year of Capita’s contract to run GP support services, the implications for patients of what has gone wrong are not yet fully known or understood.

It’s a familiar story: a public sector blunder for which nobody will take responsibility, for which nobody in particular seems to care about, and for which the preoccupation of officialdom will be to continue playing down the implications or not say anything at all.

Why would they be open when there is no effective requirement for it? It’s a truism that serious problems cannot be fixed until they are admitted. In the public sector, serious problems on large IT-related contracts are not usually fixed until the seriousness of the problems can no longer be denied.

For hundreds of years UK governments have struggled to reconcile a theoretical desire for openness with an instinctive and institutional need to hide mistakes. Nothing is likely to change now.

National Audit Office report – Investigation into clinical correspondence handling in the NHS.

Companies nervous over HMRC customs IT deadline?

By Tony Collins

This Computer Weekly article in 1994 was about the much-delayed customs system CHIEF. Will its CDS replacement that’s being built for the post-Brexit customs regime also be delayed by years?

The Financial Times  reported this week that UK companies are nervous over a deadline next year for the introduction of a new customs system three months before Brexit.

HMRC’s existing customs system CHIEF (Customs Handling of Import Export Freight) copes well with about 100 million transactions a year. It’s expected a £157m replacement system using software from IBM and European Dynamics will have to handle about 255 million transactions and with many more complexities and interdependencies than the existing system.

If the new system fails post-Brexit and CHIEF cannot be adapted to cope, it could be disastrous for companies that import and export freight. A post-Brexit failure could also have a serious impact on the UK economy and the collection of billions of pounds in VAT, according to the National Audit Office.

The FT quoted me on Monday as calling for an independent review of the new customs system by an outside body.

I told the FT of my concern that officials will, at times, tell ministers what they want to hear. Only a fully independent review of the new customs system (as opposed to a comfortable internal review conducted by the Infrastructure and Projects Authority) would stand a chance of revealing whether the new customs system was likely to work on time and whether smaller and medium-sized companies handling freight had been adequately consulted and would be able to integrate the new system into their own technology.

The National Audit Office reported last year that HMRC has a well-established forum for engaging with some stakeholders but has

“significant gaps in its knowledge of important groups. In particular it needs to know more about the number and needs of the smaller and less established traders who might be affected by the customs changes for the first time”.

The National Audit Office said that the new system will need to cope with 180,000 new traders who will use the system for the first time after Brexit, in addition to the 141,000 traders who currently make customs declarations for trade outside the EU.

The introduction in 1994 of CHIEF was labelled a disaster at the time by some traders,  in part because it was designed and developed without their close involvement. CHIEF  was eventually accepted and is now much liked – though it’s 24 years old.

Involve end-users – or risk failure

Lack of involvement of prospective end-users is a common factor in government IT disasters. It happened on the Universal Credit IT programme, which turned out to be a failure in its early years, and on the £10bn National Programme for IT which was dismantled in 2010. Billions of pounds were wasted.

The FT quoted me as saying that the chances of the new customs system CDS [Customs Declaration Service) doing all the things that traders need it to do from day one are almost nil.

The FT quotes one trader as saying,

“HMRC is introducing a massive new programme at what is already a critical time. It would be a complex undertaking at the best of times but proceeding with it at this very moment feels like a high stakes gamble.”

HMRC has been preparing to replace CHIEF with CDS since 2013. Its civil servants say that the use of the SAFe agile methodology when combined with the skills and capabilities of its staff mean that programme risks and issues will be effectively managed.

But, like other government departments, HMRC does not publish its reports on the state of major IT-related projects and programmes. One risk, then,  is that ministers may not know the full truth until a disaster is imminent.

In the meantime ministerial confidence is likely to remain high.

Learning from past mistakes?

HMRC has a mixed record on learning from past failures of big government IT-based projects.  Taking some of the lessons from “Crash”, these are the best  things about the new customs project:

  • It’s designed to be simple to use – a rarity for a government IT system. Last year HMRC reduced the number of system features it plans to implement from 968 to 519. It considered that there were many duplicated and redundant features listed in its programme backlog.
  • The SAFe agile methodology HMRC is using is supposed to help organisations implement large-scale, business-critical systems in the shortest possible time.
  • HMRC is directly managing the technical development and is carrying out this work using its own resources, independent contractors and the resources of its government technology company, RCDTS. Last year it had about 200 people working on the IT programme.

These are the potentially bad things:

  • It’s not HMRC’s fault but it doesn’t know how much work is going to be involved because talks over the post-Brexit customs regime are ongoing.
  • It’s accepted in IT project management that a big bang go-live is not a good idea. The new Customs Declaration Service is due to go live in January 2019, three months before Britain is due to leave the EU. CHIEF system was commissioned from BT in 1989 and its scheduled go-live was delayed by two years. Could CDS be delayed by two years as well? In pre-live trials CHIEF rejected hundreds of test customs declarations for no obvious reason.
  • The new service will use, at its core,  commercially available software (from IBM) to manage customs declarations and software (from European Dynamics) to calculate tariffs. The use of software packages is a good idea – but not if they need large-scale modification.  Tampering with proven packages is a much riskier strategy than developing software from scratch.  The new system will need to integrate with other HMRC systems and a range of third-party systems. It will need to provide information to 85 systems across 26 other government bodies.
  • If a software package works well in another country it almost certainly won’t work when deployed by the UK government. Core software in the new system uses a customs declaration management component that works well in the Netherlands but is not integrated with other systems, as it would be required to do in HMRC, and handles only 14 million declarations each year.
  • The IBM component has been tested in laboratory conditions to cope with 180 million declarations, but the UK may need to process 255 million declarations each year.
  • Testing software in laboratory conditions will give you little idea of whether it will work in the field. This was one of the costly lessons from the NHS IT programme NPfIT.
  • The National Audit Office said in a report last year that HMRC’s contingency plans were under-developed and that there were “significant gaps in staff resources”.

Comment

HMRC has an impressive new CIO Jackie Wright but whether she will have the freedom to work within Whitehall’s restrictive practices is uncertain. It seems that the more talented the CIO the more they’re made to feel like outsiders by senior civil servants who haven’t worked in the private sector.  It’s a pity that some of the best CIOs don’t usually last long in Whitehall.

Meanwhile HMRC’s top civil servants and IT specialists seem to be confident that CDS, the new customs system, will work on time.  Their confidence is not reassuring.  Ministers and civil servants publicly and repeatedly expressed confidence that Universal Credit would be fully rolled by the end of 2017. Now it’s running five years late.  The NHS IT programme NPfIT was to have been rolled out by 2015.  By 2010 it was dismantled as hopeless.

With some important exceptions, Whitehall’s track record on IT-related projects is poor – and that’s when what is needed is known. Brexit is still being negotiated. How can anyone build a new bridge when you’re not sure how long it’ll need to be and what the many and varied external stresses will be?

If the new or existing systems cannot cope with customs declarations after Brexit it may not be the fault of HMRC. But that’ll be little comfort for the hundreds of thousands of traders whose businesses rely, in part, on a speedy and efficient customs service.

FT article – UK companies nervous over deadline for new Customs system

Capita under fire again over GP support contract – but NHS England praises “improvements”

By Tony Collins

Hundreds of trainee GPs have not received their salaries from Capita, which is under contract to pay them, reports The Guardian.

Some of the trainees have applied for emergency funds from The Cameron Fund, a charity for the prevention of hardship among GPs and their dependents.

Capita administers training grants for GPs under its wide-ranging £1bn contract with NHS England to provide primary care services.

In November 2016 the then Health minister Nicola Blackwood described failings on Capita’s GP support contract as “entirely unacceptable”. 

She said Capita had inadequately prepared for delivering a “complex transition”.

In response,  Capita said it adding the full-time equivalent of 500 extra staff on the contract.

But in February 2017, after continuing complaints,  the Health Secretary Jeremy Hunt said he would be prepared to end Capita’s contract if necessary.

Since then, though, NHS England has praised “improvements” in the contract, according to Pulse.

Yesterday The Guardian reported extracts from a letter the British Medical Association sent to NHS England on 30 October 2017.

It said some GP practices were “having to pay trainees out of already overstretched practice budgets, or trainees are going months without being paid if the practice cannot cover the shortfall”.

Capita confirmed it had outstanding payments to some trainee GPs but was unable to say how many it is responsible for paying, or how many it has not paid.

It said that it had not received all the information it needed to pay salaries from the relevant employers. A Capita spokesperson told The Guardian that the problems were an inevitable part of “a major transformation project to modernise a localised and unstandardised service”.

It added: “We have made significant investment to deliver improvements and these have been recognised by NHS England and demonstrated through improved service performance and improved customer satisfaction.”

The Cameron Fund’s treasurer Dr David Wrigley described the outsourcing of GP support services as a “botched privatisation”.

“NHS England has commissioned out what was a very efficient service run within the NHS, and now Capita runs this contract in what I’d call another botched privatisation.”

One trainee GP went unpaid two consecutive months.  At the end of October she posted on a private message board for GPs: “Anyone know of how I access hardship funds (quickly) to feed children/pay nursery/mortgage (quickly)?”

Her surgery gave her a loan last month to tide her over but did not have enough surplus funds to do the same thing again.

She said that in the last 24 hours partners have stepped forward and have all taken a pay cut to provide a loan “to get me through the month as they were worried about my family”.

An NHS England spokesperson said it was “holding Capita’s feet to the fire on needed improvements”.

It added: “In the meantime, the lead employer for Health Education England or the GP practice are responsible for paying their GP trainee salaries and are subsequently reimbursed for this. Backlogs are being prioritised by Capita.”

The BMA’s letter to the NHS chief executive Simon Stevens criticises Capita.

“We are disappointed at the lack of progress that has been made … These issues have been ongoing since NHS England commissioned Capita … and it is unacceptable that more progress has not been made to getting these resolved …

Wrigley wants the House of Commons’ public accounts committee to investigate the contract.

“NHS England have known about this for a while and the BMA has been putting constant pressure on, and it’s all promises that it’ll get better but it doesn’t.”

New systems for cervical screening and GP payments and pensions that are also contracted out to Capita are due to go live next July. The BMA has told NHS England that it has “no confidence” in Capita’s ability to deliver the services.

Comment

It’s possible to have some sympathy for Capita which has the daunting task of trying to standardize a wide range of systems for supporting disparate GP support services.

But, as Campiagn4Change has reported many times on Barnet Council’s Capita outsourcing contract, it can be difficult if not impossible to make huge savings in the cost of running services (£40m in the case of the GP support contract), deliver an IT-based transformation based on new investment and provide a healthy profit for the supplier’s shareholders while at the same time making internal efficiency savings.

Capita’s share price is relatively low and under continuing pressure but is holding up reasonably well given the company’s varied problems.

Still, we wonder whether the company can afford to put large sums into sorting out problems on the GP support contract, at Barnet Council and on other well-publicised contracts?

The MoD has ended a Capita contract early, the company faces litigation from the Co-op and its staff are staging nine days of strikes over pensions.

Who’s to blame?

If anyone is to blame in this NHS saga it is NHS England for not fully understanding the scale and complexity of the challenges when it outsourced to Capita.

The first rule of outsourcing is: Don’t outsource a problem.

Doctors warned NHS England against signing the contract. Under financial pressure to do so – it needed the promised savings  – NHS England’s public servants signed the deal.

Those public servants will not be held accountable for their decision. In which case, what’s to stop public and civil servants making the wrong decisions time and again?

Two further questions:

Is NHS England too close to Capita to see the faults?

Do public servants have a vested interest in not criticising their outsourcing suppliers, in case opprobrium falls on both parties? 

Thank you to Zara Pradyer for drawing my attention to the Guardian article.

Hundreds of trainee GPs facing hardship as outsourcing firm Capita fails to pay – The Guardian.

 

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

Does Universal Credit make a mockery of Whitehall business cases?

By Tony Collins

Does Universal Credit make a mockery of this Treasury guidance on business cases?

It’s supposed to be mandatory for Whitehall departments to produce business cases. They show that big projects are “unequivocally” affordable and will work as planned.

But Computer Weekly said yesterday that the Department for Work and Pensions has not yet submitted a full business case for Universal Credit although the programme has been running for six years.

The result is that the Universal Credit IT programme may be the first big government computer project to have reached the original completion date before a full business case has been finalised.

Its absence suggests that the Department for Work and Pensions has not yet been able to produce a convincing case to the Treasury that the IT programme will either work or be affordable when it is due to roll out to millions of claimants.

The absence also raises a question of why the Department for Work and Pensions was able to award contracts and proceed with implementation without having to be accountable to Parliament for milestones, objectives, projected costs and benefits – all things that would have been recorded in the full business case.

If the DWP can proceed for years with project implementation without a full business case, does this mean that other Whitehall department need have no final structured plan to justify spending of billions on projects?

Will Universal Credit work?

By early March 2017, fewer than 500,000 people were on Universal Credit. On completion, the system will be expected to cope with seven million claimants.

Although the rollout of the so-called “digital” system – which can handle all types of claim online – is going well (subject to long delays in payments in some areas and extreme hardship for some), there are uncertainties about whether it will cope with millions of claimants.

Universal Credit campaigner John Slater has been unable to obtain any confirmation from the DWP on whether it is planning to complete the rollout by 2022 – five years later than originally scheduled.

Business cases present arguments that justify the spending of public money. They also provide a “clear audit trail for purposes of public accountability,” says Cabinet Office guidance on business cases.

But hundreds of millions has already been spent on Universal Credit IT, according to the National Audit Office.

Business cases are mandatory … sort of

The Treasury says that production of business cases is a

“mandatory part of planning a public sector spending proposal …”

Yesterday, however, Computer Weekly reported that,

“Amazingly, given the programme has been going since 2011, the full business case for Universal Credit has still not been submitted or signed off by the Treasury – that’s due to take place in September this year.”

The Treasury says that preparation of the Full Business Case is “completed following procurement of the scheme – but prior to contract signature – in most public sector organisations.”

But by March 2013, the Department for Work and Pensions had already spent about £303m on Universal Credit IT, mostly with Accenture (£125m), IBM (£75m), HP (49m) and BT (£16m), according to the National Audit Office.

Why a business case is important

The Treasury sums up the importance of business cases in its guidance to departments,

“… it is vital that capital spending decisions are taken on the basis of highly competent professionally developed spending proposals.

The business case provides a

“structured process for appraising, developing and planning to deliver best public value.”

The full business case, in particular, sets out the

  • contractual arrangements
  • funding and affordability
  • detailed management arrangements
  • plans for successful delivery and post evaluation.

In the absence of a full business case the DWP was able to start the Universal Credit IT programme with little structured control on costs. The National Audit Office found in 2013 that there was

  • Poorly managed and documented financial governance
  • Limited evidence that supplier invoices were properly checked before payments were made.
  • Inadequate challenge of purchase decisions
  • Insufficient information on value for money of contracts before ministers approved them
  • Insufficient challenge of suppliers’ cost changes
  • Over-reliance on performance information from suppliers that the Department for Work and Pensions didn’t validate.
  • No enforcement by the DWP of key parts of the supplier contracts

Comment

Officials at the Department for Work and Pensions have gone to the bank for money for a new business venture – the building of Universal Credit IT – and said in effect,

“We’ll let you have an outline business case that may change a few times and in a few years, perhaps on completion of the programme or thereabouts, we’ll provide a full business case. But we’d like the money now please.”

In response the bank – HM Treasury – has replied in effect,

“You’re supposed to supply a full business plan before we decide on whether to give you the money but we know how important Universal Credit is.

“We’ll tell you what: we’ll let you have a few tens of millions here and there and see how you get on.

“For the time being, without a full business case, you’re restricted to an IT spend of around £300m.

“In terms of the eligibility criteria for the money, you can let us know what this should be when you’re a few years down the road.

“We accept that you’ll be in a much better position to know why you should be given the money once you’ve spent it.”

Does “mandatory” mean anything when there is no sanction against non-compliance?

And when the DWP is able to embark on a multi-billion pound programme without submitting a full business case until after the original completion date (2017), what’s the point of a business case?

The fact that the DWP is six years into implementation of Universal Credit without a full business case suggests that departments make up the rules as they go along.

What if the Treasury rejects the Universal Credit business case when it’s eventually submitted?

Will the DWP wait another few years to submit a case, when an entirely new set of officials will be in place? By then, perhaps, the Universal Credit rollout will have finished (or been aborted) and nobody at that stage could be effectively held to account if the scheme didn’t work or money had been wasted.

If Whitehall routinely waits until an IT-based programme is finished before presenting a full business case for Treasury approval, there’s nothing the Treasury can do if it wants and needs the programme.

Sir Humphrey is all-powerful.  Why should officials worry about presenting full business cases on programmes they know there’s a political imperative to deliver?

Can DWP meet its revised 2022 target for completion of Universal Credit? – Computer Weekly

Treasury guidance on business cases

 

 

Southwest One – a positive postscript

By Tony Collins

somerset county council2IBM-led Southwest One has had a mostly bad press since it was set up in 2007. But the story has a positive postscript.

Officials at Somerset County Council now understand what has long been obvious to ICT professionals: that the bulk of an organisation’s savings come from changing the way people work – and less from the ICT itself.

Now that Somerset County Council has the job of running its own IT again – its IT-based relationship with Southwest One ended prematurely in December 2016 – the council’s officials have realised that technology is not an end in itself but an “enabler” of headcount reductions and improvements in productivity.

A 2017 paper by the county council’s “Programme Management Office”  says the council has begun a “technology and people programme” to “contribute to savings via headcount reduction by improving organisational productivity and process efficiency using technology as the key enabler”.

Outsourcing IT a “bad mistake” 

It was in 2007 that Somerset County Council and IBM launched a joint venture, Southwest One. The new company took over the IT staff and some services from the council.

In the nine years since then the council has concluded that outsourcing ICT – thereby separating it from the council’s general operations – was not a good idea.

The same message – that IT is too integral and important to an organisation  to be outsourced – has also reached Whitehall’s biggest department, the Department for Work and Pensions.

Yesterday (8 February 2017) Lord Freud,  who was the Conservative minister in charge of Universal Credit at the Department for Work and Pensions, told MPs that outsourcing IT across government had proved to be a “bad idea”.  He said,

“What I didn’t know, and I don’t think anyone knew, was how bad a mistake it had been for all of government to have sent out their IT…

“You went to these big firms to build your IT. I think that was a most fundamental mistake, right across government  and probably across government in the western world …

” We talk about IT as something separate but it isn’t. It is part of your operating system. It’s a tool within a much better system. If you get rid of it, and lose control of it, you don’t know how to build these systems.

” So we had an IT department but it was actually an IT commissioning department. It didn’t know how to do the IT.

“What we actually discovered through the (Universal Credit) process was that you had to bring the IT back on board. The department has been rebuilding itself in order to do that. That is a massive job.”

Task facing Somerset officials

Somerset County Council says in its paper that the council now suffers from what it describes as:

  • Duplicated effort
  • Inefficient business processes
  • A reliance on traditional ways of working (paper-based and meeting-focused).
  • Technology that is not sufficient to meet business needs
  • Inadequate data extraction that does not support evidence based decision making.
  • “Significant under-investment in IT”.

To help tackle these problems the council says it needs a shift in culture. This would enable the workforce to change the way it works.  

From January 2017 to 2021, the council plans “organisation and people-led transformational change focused on opportunities arising from targeted systems review outcomes”.

The council’s officers hope this will lead to

  • Less unproductive time in travelling and  attending some statutory duties such as court proceedings.
  • Fewer meetings.
  • Reduced management time because of fewer people to manage e.g. supervision, appraisal, performance and sickness.
  • Reduced infrastructure spend because fewer people will mean cuts in building and office costs, and IT equipment. Also less training would be required.
  • Reduction in business support process and roles.
  • Reduction in hard copy file storage and retention.

 The council has discovered that it could, for instance, with changes in working practices supported by the right technology,  conduct the same number of social services assessments with fewer front- line social workers or increase the level of assessments with the same number of staff.

Southwest One continues to provide outsourced services to Avon and Somerset Police. The contract expires next year.

Comment

Somerset County Council is taking a bold, almost private sector approach to IT.

Its paper on “technology and people” says in essence that the council cannot  save much money by IT change alone.

Genuine savings are to be found in changing ways of working and thus reducing headcount. This will require very close working – and agreement – between IT and the business end-users within the council.

It is an innovative approach for a council.

The downside is that there are major financial risks, such as a big upfront spend with Microsoft that may or may not more than pay for itself.

Does outsourcing IT ever make sense?

Somerset County Council is not an international organisation like BP where outsourcing and standardising IT across many countries can make sense.

The wider implication of Somerset’s experience – and the experience of the Department for Work and Pensions – is that outsourcing IT in the public sector is rarely a good idea.

Thank you to Dave Orr, who worked for Somerset County Council as an IT analyst and who has, since the Southwest One contract was signed in 2007, campaigned for more openness over the implications of the deal.

He has been more effective than any Somerset councillor in holding to account the county council, Taunton Deane Borough Council and Avon and Somerset Police, over the Southwest One deal.  He alerted Campaign4Change to Somerset’s “Technology and People Programme” Somerset paper.

One of Orr’s recent discoveries is that the council’s IT assets at the start of the Southwest One contract were worth about £8m and at hand-back in December 2016 were worth just £0.32m, despite various technology refreshes.

Somerset County Council’s “Technology and People Programme” paper

Whitehall’s outsourcing IT a “bad mistake” – and other Universal Credit lessons, by a former DWP minister

Central buying of IT and other services is a bit of a shambles – just what Sir Humphrey wants?

By Tony Collins

Cabinet Office entrance

Cabinet Office entrance

Like the Government Digital Service, the Crown Commercial Service was set up as a laudable attempt to cut the huge costs of running central government.

The Cabinet Office under Francis Maude set up the Crown Commercial Service [CCS] in 2014 to cut the costs of buying common products and services for Whitehall and the wider public sector including the NHS and police.

It has a mandate to buy commodity IT, other products and services and whatever can be bought in bulk. It has had some success – for example with negotiating lower prices for software licences needed across Whitehall. The skills and knowledge of its civil servants are well regarded.

But, like the Government Digital Service, CCS has had limited support from permanent secretaries and other senior officials who’d prefer to protect their autonomy.

It has also been hindered by unachievable promises of billions of pounds in savings. Even CCS’s own managers at the time regarded the Cabinet Office’s plans for huge savings as over-optimistic.

Yesterday [13 December 2016] the National Audit Office published a report that questioned whether CCS has paid its way, let alone cut public sector costs beyond what civil and public servants could have achieved without it.

CCS employed 790 full-time equivalent staff in 2015/16 and had operating costs in one year alone of £66.3m

This was the National Audit Office’s conclusion:

“CCS has not achieved value for money. The Cabinet Office underestimated the difficulty of implementing joint buying for government. With no business case or implementation plan CCS ran into difficulties. Net benefits have not been tracked so it cannot be shown that CCS has achieved more than the former Government Procurement Service would have.

“However, the strategic argument for joint buying remains strong and CCS is making significant changes to improve future services.”

Some of the NAO’s detailed findings:

  • The public sector spends £2.5bn directly with CCS – £8bn less than originally forecast.
  • Seven departments buy directly through CCS – 10 fewer than originally forecast
  • The forecast of £3.3bn net benefits from the creation of CCS over the four years to 2017-18 are  unlikely to materialise.
  • The National Audit Office says the actual net benefits of CCS to date are “unknown”.
  • The Cabinet Office did not track the overall benefits of creating CCS.
  • Most of the planned transfers of procurement staff from central departments and the wider public sector to CCS haven’t happened.
  • Where some of the workforce has transferred, some departments have rehired staff to replace those who transferred.
  • Departments continue to manage their own procurement teams, although they use CCS’s frameworks.
  • CCS was set up with the power to force central departments to use its bulk buying services. But that power wasn’t enforced.
  • The National Audit Office says it is “no longer clear whether CCS has a clear mandate that requires all departments to use it for direct buying… it no longer has a clear timetable or expectation that further departments will transfer staff or buying functions to CCS”.

It’s all a far cry from the expectations set by a Cabinet Office announcement in 2013 which said that CCS will “ensure maximum value for the taxpayer is extracted from every commercial relationship”.

The then Cabinet Office minister Francis Maude said at the time,

“The new Crown Commercial Service will ensure a step change in our commercial capability, giving government a much tighter grip on all aspects of its commercial performance, from market engagement through to contract management.”

Comment

Why CCS has failed so far to make much difference to Whitehall’s costs is not clear. It seems to have been hit by a combination of poor management at the outset, a high turnover of senior officials and ludicrously high expectations, combined with a civil service reluctance in central departments and the wider public sector to cede control over procurement to CCS –  even when it comes to common products and services.

The NAO report is a reminder of a fundamental flaw in the way government works: central departments can’t in practice be forced to do anything. They are a power unto themselves. The Cabinet Office has powers to mandate a change of practice and behaviour in central departments – to which Sir Humphrey can shrug his shoulders and change nothing

Even the Prime Minister is, in practice, powerless to force departments to do something they don’t want to do (except in the case of the miscarriage of justice that involved two Chinook pilots who were eventually cleared of gross negligence because the then defence secretary Liam Fox, through a series of manoeuvres, forced the MoD to set the finding aside).

The CCS may be doomed to failure unless the Cabinet Office rigorously enforces its mandate to make government departments use its buying services.

If the Cabinet Office does not enforce its power, Sir Humphrey will always protect his turf by arguing that the products and services his officials buy – including IT in general – are specific and are usually tailored to the department’s unique and complex needs.

Much to the relief of Sir Humphrey, Francis Maude, the battle-hardened enforcer at the Cabinet Office, has left the House of Commons. He has no comparable replacement.

Are all central initiatives aimed at making  a real dent in the costs of running Whitehall now doomed to failure?

Sir Humphrey knows the answer to that; and he’s wearing a knowing grin.

Crown Commercial Service – National Audit Office report