Category Archives: excessive secrecy

Public sector not reporting multiple cyber attacks

By Tony Collins

Successful cyber attacks on parts of the NHS and some councils and universities have not been reported to the police – even where criminals have locked information and demanded ransom payments, an investigation by The Yorkshire Post found.

The National Crime Agency, which is the UK’s lead agency against organised crime, human, weapon and drug trafficking and cyber crime, has said that “under-reporting of cyber crime remains a key barrier to our understanding of its true scale and cost”.

Its comments were aimed at the directors in the private sector. But it’s clear that the public sector is not setting an example.

The Yorkshire Post says that the Mid Yorkshire Hospitals NHS Trust had two ransomware attacks last year in which data was encrypted on some departmental drives with demands for payment made to unlock it. While no payment was made and the information recovered from back-up systems, neither incident was reported to police.

Barnsley Council had 13 successful ransomware attacks since April 2016 and none was reported to the police. No ransoms were paid, data was restored from back-up systems and accounts were disabled and changed to “render any captured credentials of little use”.

Three of Yorkshire’s universities had almost 300 successful attacks in the 
last three years. None was reported to police.

The 
University of York had 237 incidents which included nine distributed denial of service attacks and a further seven incidents in which servers were “compromised” by hackers.

A spokesman for the university said: “We did not consider that any incident caused sufficient loss, either monetary or of data, to justify reporting to the police.”

The University of Huddersfield had 54 successful attempts and nothing was reported to the police “due to low level impact”.

Ensuring the buck stops nowhere?

In a National Audit Office blog, the NAO’s cyber director Tom McDonald and digital transformation specialists Yvonne Gallagher (who’s a former CIO in two government departments) and Max Tse pointed to a lack of accountability in the public sector for deterring cyber attacks and managing the risks.

In health, for example, the Department of Health’s delegates to NHS England, which funds over 200 local clinical commissioning groups to purchase care from local health trusts.

Social care is the responsibility of the larger local authorities who are accountable to their local electors.

NHS Digital has some overview of data and IT systems for the health and social care sectors (through its management of national NHS IT systems, such as the NHS Spine or N3 Network) and it has a dedicated Data Security Centre, but it has no authority over councils and trusts to ensure even simple security measures are implemented locally, such as software updates and patches.

The National Audit Office found that, across government, “there has been little coherence between the several lines of governance and senior oversight of cyber and information security”.

It added,

“A number of organisations and a plethora of working-level groups have been involved in cyber security and supporting digital transformation across government. The government itself has described these arrangements as an ‘alphabet soup’.”

There’s also a shortage of IT security skills in the public sector, which is exacerbated by the high number of so-called “transformation” projects and programmes and a reliance on legacy systems such as Windows XP which proved vulnerable in the WannaCry attack, said the National Audit Office.

Comment

The government could make it mandatory for Whitehall, councils, the NHS and other parts of the public sector – including the police – to report incidents to the National Crime Agency.

It’s unlikely to happen though.

There’s a woeful lack of reporting and accountability in the public sector on IT-related matters.  WannaCry and hundreds of other “successful” incidents in public sector in the past year will not make any difference.

That the public sector will work to reduce the ill effects of cyber attacks is a given. It’s also inevitable that it’ll work hard at ensuring, in line with culture and convention, that, when there are “successful” incidents, the buck stops nowhere.

Thank you to Zara Pradyer for alerting me to the Yorkshire Post article.

Whitehall renews facade of openness on major IT projects

By Tony Collins

Headlines yesterday on the state of major government IT projects were mixed.

Government Computing said,

“IPA: Whitehall major projects show ‘slow and steady’ delivery improvement”

Computer Weekly said,

“Government IT projects improving – but several still in doubt”

The Register said,

“One-quarter of UK.gov IT projects at high risk of failure – Digital borders, digital tax and raft of MoJ projects singled out”

The headlines were prompted by the Infrastructure and Projects Authority’s annual report which was published yesterday.

The report listed the RAG – red/amber/green – status of each of 143 major projects in the government’s  £455bn major projects portfolio. Thirty-nine of these are ICT projects, worth a total of £18.6bn.

Publication of the projects’ red/amber/green status – called the “Delivery Confidence Assessment” – seemed a sign that the government was being open over the state of its major IT and other projects.

A reversal of decades of secrecy over the progress or otherwise of major IT projects and programmes?

In a foreword to the Infrastructure and Project Authority’s report, two ministers referred twice to the government’s commitment to openness and accountability.

MP Caroline Nokes, Cabinet Office minister, and MP Andrew Jones, a Treasury minister, said in their joint foreword,

“The government is also committed to transparency, and to being responsive and accountable to the public we serve.

“Accordingly, we have collected and published this data consistently over the past five years, enabling us to track the progress of projects on the GMPP [Government Major Projects Portfolio] over time.

“We will continue to be responsive and accountable to the public.”

But the report says nothing about the current state of major IT projects. The delivery confidence assessments are dated September 2016. They are 10 months out of date.

This is because senior civil servants – some of whom may be the “dinosaurs” that former minister Francis Maude referred to last month – have refused to allow politicians to publish the red/amber/gtreen status of major projects (including the Universal Credit programme and the smart meters rollout) unless the information, when published, is at least six months old.

[Perhaps one reason is to give departmental and agency press officers an opportunity to respond to journalists’ questions by saying that the red, red/amber of amber status of a particular major project is out of date.]

Amber – but why?

An amber rating means that “successful delivery appears feasible but significant issues already exist” though any problems “appear resolvable”.

In September 2016 the Universal Credit programme was at amber but we don’t know why. Neither the IPA or the Department for Work and Pensions mention any of the “issues”.

The £11bn smart meters rollout is also at amber and again we don’t know why. Neither the IPA nor the Department for Business, Energy and Industrial Strategy mention any of the “issues”. Permanent secretaries are allowed to keep under wraps the IPA’s reasons for the red/amber/green assessments.

Even FOI requests for basic project information have been refused.  Computer Weekly said,

“Costs for the Verify programme were also withheld from the IPA report, again citing exemptions under FOI.”

Comment

The senior civil servants who, in practice, set the rules for what the Infrastructure and Projects Authority can and cannot publish on major government projects and programmes are likely to be the “dinosaurs” that former Cabinet Office minister Francis Maude referred to last month.

Maude said that Whtehall reforms require that new ministers “face down the obstruction and prevarication from the self-interested dinosaur tendency in the mandarinate.”

Clearly that hasn’t happened yet.

The real information about Universal Credit’s progress and problems will come not from the Infrastructure and Projects Authority – or the Department for Work and Pensions – but from local authoritities, housing associations, landlord organistions, charities and consumer groups such the Citizen’s Advice Bureau (which has called for Universal Credit to be halted), the local press, the National Audit Office and Parliamentary committees such as the Public Accounts Committee and Work and Pensions Committee.

On the smart meter rollout, the real information will come not from the Infrastructure and Projects Authority – or the Department for Business, Energy and Industrial Strategy – but from business journalist Paul Lewis, consumer advocate Martin Lewis, business organistions such as the Institute of Directors,  experts such as Nick Hunn, the Energy and Climate Change Committee and even energy companies such as EDF.

Much of this “real” information will almost certainly be denied by Whitehall press officers. They’ll be briefed by senior officials to give business journalists only selected “good news” facts on a project’s progress and costs.

All of this means that the Infrastructure and Projects Authority may have good advice for departments and agencies on how to avoid project failures – and its tact and deference will be welcomed by permanent secretaries – but it’s likely the IPA will be all but useless in providing early warnings to Parliament and the public of incipient project disasters.

Ministers and some senior civil servants talk regularly about the government’s commitment to openness and accountability. When it will start applying to major government IT projects?

 

UK.gov watchdog didn’t red flag any IT projects. And that alone should be a red flag to everyone

 

 

 

 

Why are councils hiding exit costs of outsourcing deals – embarrassment perhaps?

Tony Collins

Excerpt from Taunton Deane council’s confidential “pink pages”.
The last sentence contains a warning that IBM-owned SWO – Southwest One – may try to “maximise revenues” on exiting its joint venture with the council.

Somerset County Council has refused a Freedom of Information request for the costs of exiting its joint venture with IBM.

But a secret report written last year by officers at Taunton Deane Borough Council – which was a party to the IBM-owned joint venture company Southwest One  – warned that the supplier could attempt to “maximise revenues on exit”.

It said,

“… from experience anything slightly ambiguous within the contract is likely to be challenged by SWO [Southwest One] in order to push it into the chargeable category as they attempt to maximise revenues on exit”.

A separate section of the confidential report said,

“disaggregating from the SWO [Southwest One] contract will be complex and expensive …”

Taunton Deane Borough Council did not tell councillors what the exit turned out to be. The figures are also being kept secret by Somerset County Council which signed the “transformative” SWO joint venture deal with IBM in 2007.

Both councils have now brought back services in-house.

Secrecy over the exit costs is in contrast to Somerset’s willingness to talk in public about the potential savings when local television news covered the setting up of Southwest One in 2007.

The silence will fuel some local suspicions that exit costs have proved considerable and will have contributed to the justifications for Somerset’s large council tax rise this year.

£69m losses?

David Orr, a former Somerset County Council IT employee, has followed closely the costs of the joint venture, and particularly its SAP-based “transformation.

It was his FOI request for details of the exit costs that the council refused.

Orr says that Somerset has lost money as a result of the Southwest One deal. Instead of saving £180m, the joint venture has cost the council £69m, he says.

FOI

Under the Freedom of Information Act, Orr asked Somerset for the “total contract termination costs” including legal, consultancy, negotiation, asset valuations, audit and extra staffing.

He also asked whether IBM was paid compensation for early termination of the Southwest One contract. In replying, the council said,

“The Authority exited from a significant contract with Southwest One early, and the services delivered through this contract were brought back in-house in November 2016.

“The Authority expects the costs to fall significantly now it has regained control of those services.

“Somerset County Council made payment under the ‘Termination for Convenience’ provisions of the original contract. We do hold further information but will not be releasing it at this point as we believe to do so would damage the commercial interests of the County Council, in that it would prejudice the our negotiating position in future contract termination agreements in that it would give contractors details on what terms the Council was willing to settle …”

Orr will appeal. He says the Information Commissioner has already established a principle with Suffolk Coastal District Council that the termination costs of a contract with a third party should be disclosed. The commissioner told Suffolk Coastal council that, in opting out of FOI,

“there is no exemption for embarrassment”

Hidden costs

Taunton’s pink pages paper said that the Southwest One contract’s Exit Management Plan provided for a smooth transfer of services and data, and for access to staff to assess skills and do due diligence.

In practice, though, there were many exit-related complications and costs – potential and actual. The paper warned that Taunton would need to find the money for:

  • Exit programme and project management costs
  • Early termination fees
  • Contingency
  • ICT infrastructure disaggregation
  • Service transition and accommodation costs
  • Disaggregating SAP from Southwest One. Also the council would need to exit its SAP-based shared services with Somerset County Council because the estimated costs were lower when run on a non shared services basis. SAP covered finance, procurement, HR, payroll, website and customer relationship management.
  • Costs involved in a “soft” or “hard” (adversarial) exit.
  • Estimating council exit costs when IBM was keeping secret its own Southwest One running costs.
  • Staff transfer issues.

Comment

So much for open government. It tends to apply when disclosures will not embarrass local government officials.

In 2007 Somerset County Council enjoyed local TV, radio and newspaper coverage of the new joint venture with IBM. Officials spoke proudly on camera of the benefits for local taxpayers, particularly the huge savings.

Now, ten years later, the losses are stacking up. Former Somerset IT employee and FOI campaigner Dave Orr puts the losses at £69m. And local officials are keeping secret the further exit costs.

Suffolk Coastal District Council lost an FOI case to withhold details of how much it paid in compensation to a third party contractor to terminate a contract. But at least it had published its other exit costs.

Somerset is more secretive. It is withholding details of the sums it paid to IBM in compensation for ending the joint venture early; it also refuses to publish its other exit costs.

Trust?

Can anything said by councils such as Somerset or Barnet in support of major outsourcing/joint venture deals be trusted if the claimed savings figures are not audited and the other side of the story – the hidden costs – are, well, hidden?

In local elections, residents choose councillors but they have no say over the appointment of the permanent officials. It’s the officials who decide when to refuse FOI requests; and they usually decide whether the council will tell only one side of the story when public statements are made on outsourcing/joint ventures.

Across the UK, local councils employed 3,400 press and communications staff –  about double the total number in central government – in part to promote the authorities’ services and activities.

What’s the point if they publicise only one side of the story – the benefits and not the costs?

Somerset’s decision to refuse Orr’s reasonable FOI request makes, in its own small way, a mockery of open government.

It also gives just cause for Somerset residents to be sceptical about any council statement on the benefits of its services and activities.

MPs suggest Cabinet Office is losing its grip on departments – but does it care?

By Tony Collins

The Register has an excellent piece by Kat Hall on how the Cabinet Office is losing its grip on Government departments.

Citing the annual report of the all-party Public Accounts Committee, Hall says there are issues where “departments repeatedly don’t do what they have been told or asked to do by the centre”.

An analysis by The Register found that

“government departments are winning significantly more exemptions to splash the cash on expensive IT projects since the departure of former Cabinet Office minister Francis “Mad Frankie” Maude last year”.

Chair of the Public Accounts Committee Meg Hillier said: “After my second year as Chair I am increasingly concerned about the long-term accountability of senior civil servants.

“The game of musical chairs starts as one Permanent Secretary moves on and they all change jobs in the system. And few are in post long enough to have a vested interest in the long-term aims of their department or a project.

“And there is the age-old tension between a department and central Whitehall through the Cabinet Office.”

Universal Credit and HMRC’s plans to overhaul its Aspire IT contract – the biggest in Europe – were outlined as being two areas of concern. As was the Home Office’s Emergency Services Network.

“The Home Office seemed to downplay the risks to the contract and its being caught unawares by the contractor does not reassure us that the Department is on top of the contract or this project. This could cost the taxpayer dear,” it said.

Comment:

It’s hard to argue with a comment on Hall’s piece by @JagPatel3 who suggests that some in Whitehall are as preoccupied with spin as with the efficient delivery of public services.

“… Government is preoccupied with presentation, manipulation of words and the dark art of spinning – instead of working on its programme of reform to deliver public services efficiently, to satisfy the wants, needs and expectations of the electorate.

“The political imperative of needing to put a positive slant on everything the Government does or will do, irrespective of whether it is true or not, is the reason why spin has become the centrepiece of this Government’s communications strategy.

“And because Government has got a monopoly on inside information (enabling it to maintain extremely tight control), it uses spin to divert attention away from the key issues that really matter to citizens …

“the eagerness with which senior Civil Servants have complied with their political masters’ desire to see policy announcements framed around presentation and spin, at the expense of substance, would explain why their skills set has been narrowed down to this single, dark art.”

The commentator also says that the “intense focus of attention on presentation alone has resulted in a massive gap opening up between the leadership and lower ranks of the Civil Service, who have to deal with the reality of delivering public services on the ground, on a day-to-day basis, which has in itself, led to alienation and disaffection”.

A good summary. Many ordinary civil servants are doing the hard work of delivering public services while a few of their masters are preoccupied with keeping what they do secret and justifying or defending all else that is published in National Audit Office reports, other third-party reports or leaked emails.

It’s hardly surprising the Cabinet Office is losing control of departments. Since Maude’s departure it doesn’t want control. It has become clear that it wants, in a hassle-free way,  to continue with Sir Humphrey’s non-integrated approach to government.

The Cabinet Office is just another Whitehall department. Why would it want to be an “enforcer?”

Whitehall to auto-extend outsourcing deals using Brexit as excuse?

By Tony Collins

Type of government procurement spend 2014-2015. ICT is the top item.
Source: National Audit Office

Under a headline “UK outsourcing deals extended because of Brexit workload”, the Financial Times has reported that “hundreds of government contracts with the private sector that were due to expire are to be automatically extended because civil servants are too busy with Brexit to focus on new and better-value tenders”.

The FT says the decision to roll over the contracts could prove expensive for taxpayers because it limits competition and undermines government efforts to improve procurement.

A “procurement adviser to the government” whom the FT doesn’t name, said more than 250 contracts were either close to expiring or had already expired in 2016-17. The adviser told the FT,

“Brexit has pushed them down the list of priorities so there are lots of extensions and re-extensions of existing deals.”

The adviser added that this was the only way civil servants could prioritise the huge increase in Brexit-related work since the referendum.

Extensions

The FT provides no evidence of automatic contract extensions or the claim that deals will be extended because of the civil service’s Brexit workload.

There is evidence, however, that Whitehall officials tend to extend contracts beyond their original expiry date.

In a report published this year on the Cabinet Office’s Crown Commercial Service, the National Audit Office identified 22 framework contracts that were due to expire in 2016-17. Half of them (eleven) were extended beyond their original expiry date.

[The Crown Commercial Service was set up in 2014 to improve state procurement.]

The NAO also found that Whitehall departments – and the Crown Commercial Service – have been awarding contracts using expired framework deals, even though this contravenes public contracting regulations.

In 2015-16, 21 of the 39 frameworks that were due to expire were extended without competition or market testing, according to the NAO.

One example of an extended contract is a deal between Capita and the Department for Work and Pensions which started in 2010. Capita provides eligibility assessments for the personal independent payment allowance, which supports for people with long-term ill health or disability.

The five-year deal was extended by two years until July 2019.

Capita has also won a three-year extension to a contract with the Pensions Regulator and the BBC has extended a deal with Capita that was signed originally in 2002 to June 2022 – a total of at least 20 years.

Open competition?

The NAO has found that extending ICT contracts may not always be good for taxpayers. In the later years of their government contracts, suppliers tend to make higher margins (though not always).

There are also suggestions that civil servants will sometimes sign contract extensions when the performance of the supplier does not meet expected standards.

On ICT, the Cabinet Office asks central departments to complete a return every six months for each business process outsourcing and facilities management contract above £20m with strategic suppliers.

The survey asks whether the contract is being delivered on time, to scope, to budget, to the appropriate standards, and whether there have been any disputes.

In one study of government contracts with ICT suppliers, the NAO found that, of 259 returns from departments, 42 highlighted problems that included,

  • failure to achieve milestones
  • dissatisfaction with quality of outputs
  • errors and other issues with delivery
  • poor customer engagement and end user dissatisfaction and
  • failure to meet key performance indicators.

Comment

For taxpayers there is some good news.

A break-up of “Aspire”, the biggest IT outsourcing long-term deal of all, between HMRC and Capgemini (and to a lesser extent Fujitsu) – worth about £9bn – is going ahead this June. An HMRC spokesman says,

“HMRC is on track to complete the phased exit from Aspire, as planned, by June 2017.”

And according to Government Computing, Defra’s IT outsourcing contracts with IBM and Capgemini under a £1.6bn contract called “Unity” are due to expire in 2018 and there are no signs the deals will be extended.

But the Department for Work and Pensions’ huge IT outsourcing contracts with the same major suppliers are renewed routinely and not always with open competition. The DWP says on its website,

“DWP contracts are awarded by competition between potential suppliers, unless there are compelling reasons why competition cannot be used.”

The DWP doesn’t define “compelling”. Nor is it clear whether its auditors look at whether the DWP has put up a compelling case for not putting a large IT contract out to open competition.

In 2014 the Public Accounts Committee, after investigating major suppliers to government, concluded,

“Government is clearly failing to manage performance across the board, and to achieve the best for citizens out of the contracts into which they have entered.

“Government needs a far more professional and skilled approach to managing contracts and contractors, and contractors need to demonstrate the high standards of ethics expected in the conduct of public business, and be more transparent about their performance and costs”.

Breaking up is hard to do

The break up of the huge Aspire IT outsourcing contract at HMRC is an exception, not the rule. The NAO has found that civil servants regard their major incumbent suppliers as safe and less risky than hiring a smaller company (that’s not steeped in Whitehall’s culture).

The NAO has also found that in some cases officials don’t know whether their suppliers are performing well or not. On many ICT contracts there is “open book” accounting, but not all departments have the staff or expertise to check regularly on whether their suppliers’ profits are excessive.

If Whitehall, with exceptions, is continuing to roll over contracts whether it’s legal to do so or not, what incentive exists to stick to the rules?

Brexit?

The FT story suggests Brexit is the reason hundreds of contracts are to be extended automatically. There’s probably truth in the automatic extension of some contracts – but it’s unlikely to be because of Brexit.

It’s unlikely that the civil servants involved in Brexit will be the same ones who are handling ICT contract extensions. That said, Brexit will inevitably put a higher workload on lawyers working for government.

If contracts are being extended automatically, it’s probably because that’s the way it has always been, at least within living memory.

While Sir Humphrey and his senior officials remain only nominally accountable to Parliament for how they spend taxpayers’ money, the easiest option of renewing or extending existing contracts will usually be seen as the best option.

It can be justified with “compelling” arguments such as a need to make an urgent decision in difficult circumstances, or the absence of alternative suppliers who have the necessary skills or the financial strength to accept the risks of failure.

Will anything change?

Until departments have to publish contemporaneously their intentions to award contracts without open competition or there is effective accountability within the civil service for major decisions, little is likely to change.

It hasn’t happened yet and there’s no reason to believe it will.  Many politicians including prime ministers have tried to reform the civil service and they haven’t ruffled a single carpet in the corridors of Whitehall.

As Antony Jay, co-writer of Yes Minister,  said in January 2013,

“The central anomaly is that civil servants have years of experience, jobs for life, and a budget of hundreds of billions of pounds, while ministers have, usually, little or no experience of the job and could be kicked out tomorrow.

” After researching and writing 44 episodes and a play, I find government much easier to understand by looking at ministers as public relations consultants to the real government – which is, of course, the Civil Service.”

In short, Brexit is likely to be officialdom’s up-to-date excuse for carrying on much as before.

Thank you to @TimMorton2 for alerting me to the FT article.

What Google looks for when hiring staff … traits Whitehall’s culture abhors?

By Tony Collins

The contrast between what Google looks for when hiring staff and what Whitehall looks for when making some of its top appointments, could give clues as to why many government IT-based projects and programmes fail.

First, the strengths Google looks for.  These were set out yesterday on BBC R4 by Laszlo Bock,  human resources chief at Google for 10 years.

Google was named “Best Company to Work For” more than 30 times around the world and received over 100 awards as a top employer during Bock’s time.

In 2010, he was named “Human Resources Executive of the Year”. Under him, Google changed its clunky, arduous recruitment processes that relied on gimmicks like maths puzzles to those that helped the company grow to about 60,000 employees in less than two decades.

In 2015 he  published his first book, The New York Times bestseller Work Rules!, a practical guide to help people find meaning in work and improve the way they live and lead. He resigned from Google in 2016.

On the BBC  “Analysis” programme on Monday evening – which looked at intelligence and talent and what they mean, if anything, in job interviews –  Bock said the least important attribute Google screens for is whether someone knows about the job they are taking on. Crunching the data on successful hiring led Google instead to look for these characteristics:

  • Humility
  • Conscientiousness
  • A sense of responsibility not to quit until the job is done well
  • Comfort with ambiguity
  • A sense of fun
  • Courage

Why courage?

Bock said,

“It’s about the importance of people being able to raise their voices in organisations. One of the things that happens is, when organisations get large, people stop raising their voices and really bad things happen as a result. That’s where you get whistleblowing, insider trading, all kinds of things.

“Human beings are evolved, biologically, as social, hierarchy-seeking animals. We tend to conform. So courage is important because the really innovative, creative stuff comes from ‘I got this crazy idea’ and the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.

“Without that you can’t do great things.”

Comment

It’s too easy to generalise about the hiring and appointment of senior civil servants. But it’s possible to understand a little about the hiring culture within Whitehall’s biggest department, the Department for Work and Pensions.

An insight into DWP culture and thinking can be gleaned from the many Lever arch folders of documents filed by the DWP as part of an FOI case in which it spent several years fighting to stop the release of documents about the Universal Credit IT programme.

The documents include DWP witness statements on the “harm” that would be caused if the IT documents in question were published.

The judge in the case, Chris Ryan, challenged most of the DWP’s arguments.

In one of his rulings, Judge Ryan described the DWP’s claims as:

  • alarming and surprising
  • overstated
  • unconvincing
  • close to fanciful

He said that public confidence in the Universal Credit IT programme had been maintained for some time “on a false basis”; and he raised the possibility that an “unhealthily collegiate relationship had developed” between the DWP and private sector IT suppliers. [Campaign4Change will publish a separate blog post on this ruling in the next few days.]

As well as the insight into DWP culture that one can gain from the FOI case, it’s possible to gauge culture and thinking within Whitehall departments from the talented, free-thinking IT individualists who have joined the top layer of the civil service, quit and returned to the private sector.

It would be invidious to pick out some names as there are so many.

What all this suggests is that Whitehall’s culture appreciates conformity and consensus and shuns boat-rocking.

When top IT professionals who joined HMRC and the DWP spoke publicly at conferences about institutional problems that needed to be tackled, mandarins reacted quickly – and such disclosures were never repeated.

And after a leak to the Guardian about the results of a DWP staff survey of morale on the Universal Credit IT programme, the department launched a formal leak inquiry headed by a senior member of the security services.

At the same time, Universal Credit IT programme documents were no longer emailed but transferred around in taxis.

This bout of nervous introspection (the judge described the DWP’s arguments in the FOI case as “defensive”) when taken together with what else we know, indicate that Whitehall’s culture is insular, distrustful and inimical to open challenge and problem-solving (though there are some within the senior Whitehall ranks who successfully defy that culture).

When Bock talks of conformity being a danger within large organisations he would not have had the DWP in mind – but he aptly describes its culture.

When he speaks about the “importance of people being able to raise their voices in organisations” he was probably unaware of the extent to which Whitehall culture abhors raised voices.

As Bock says, when people don’t raise their voices “really bad things happen as a result”. Perhaps the lack of internal challenge was one reason the NHS IT programme – NPfIT – lost billions of pounds, and the DWP’s Universal Credit programme went badly awry for several years.

When Bock says the “really innovative, creative stuff comes from ‘I got this crazy idea’, he could have been describing the culture of the Government Digital Service. But that refreshing GDS culture is being slowly choked by the conservatism of traditional Whitehall departments.

As Bock says, “the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.”  But bad problems are things senior civil servants avoid talking about, even internally. A Disneyland”good news” culture pervades central departments.

A National Audit Office report on the Universal Credit programme referred to a “fortress mentality” within the DWP.

Maybe the consensus-seeking John Manzoni, head of the civil service, and his colleague Sir Jeremy Heywood, Cabinet Secretary, could seek to employ Bock as an adviser on appointments and recruitment.

Bock’s brief? To turn around the senior civil service’s culture of conformity, groupthink, denial, selective use of “good news” facts and a lack of open challenge.

Recognising the destructiveness within a big organisation of having the wrong culture – as Bock does – could be the start of a genuine Whitehall transformation.

BBC R4 “Analysis” on talent, intelligence and recruitment

Laszlo Bock steps down

Capita to lose part of £1bn+ Service Birmingham contract?

By Tony Collins

Birmingham City Council is set to take back the “Revenues” – council tax – element of its Service Birmingham contract with Capita.

A report which went before a cabinet meeting on Tuesday said that decisions on the “proposed termination of the revenues element of the Service Birmingham contract” with Capita would be taken in the “private” – secret – part of the meeting.

One reason the discussions are in private is that even though the contract allows the council to take back services “at will”, this may still involve paying compensation to Capita,

In the open part of the meeting, the deputy leader said that bringing the revenues service back in-house will allow the council “greater flexibility” – which appears to mean lower costs.

It will require a change to the wider Service Birmingham contract under which Capita delivers Birmingham’s ICT services.

In particular, said the deputy leader, taking back the revenues service will avoid any need to invoke a formal “change control” within the contract. He didn’t say why the council was keen to avoid invoking the change control clause.

Taking back revenue services could mean up to 150 Capita staff returning to the direct employment of the council, according to theBusinessDesk.com.

Service Birmingham is a joint venture company run by Capita since 2006 in which the council owns a minority of shares. The contract, which mainly covers ICT services, ends in 2021.

In the first few years Capita received about £120m a year from the joint venture but the figure has come down to about £90m-£100m a year after much criticism of the cost of the contract.

Between 2006 and 2012, Service Birmingham paid Capita £994m. It’s unclear whether the payments have represented value for money for Birmingham’s residents.

The report for this week’s cabinet meeting said that since Capita took over revenue collection the government has introduced a number of local welfare reforms [related to Universal Credit] “which have resulted in the council wishing to deal with Revenues matters differently”.

Keen to retain the revenues work, Capita had suggested a revised service to the council but the report said, “These were considered and it was concluded that they did not meet the current requirements of the council.”

Taking back revenue collection could result in “savings” worth £10.5m between next year and 2020, according to theBusinessDesk.com.

The gradual introduction of Universal Credit means that the Department for Work and Pensions, rather than the council, will eventually handle housing benefit payments.

This would mean less work for the council and Service Birmingham.

Councillors were expected at yesterday’s meeting to confirm officer recommendations on terminating the revenues collection part of the Service Birmingham contract. The new arrangements are likely to come into effect from February 1, 2017

Capita says on the Service Birmingham website that it has transformed services and “realised savings of approximately £1bn”. Capita had introduced SMS texting to prompt council tax payments and reduce the need to issue paper reminders.

Overspend

Birmingham council has a serious overspend for 2016/17, estimated to be around £49m.

The Birmingham Independent Improvement Panel says, “The Council faces a mammoth task to prepare a balanced budget for 2017/18.  With very limited general reserves available, this potentially places at risk its future success.”

Lessons

In 2012 a “high-level” review of Service Birmingham by the Best Practice Group suggested that the deal had its successes but that trust and relationships might have been breaking down in some areas.

It said,

“BCC [Birmingham City Council] and SB [Service Birmingham] seemed to overcome early challenges in their relationship by having a ‘great common cause’. The Council entered into this relationship in 2006 because it had the foresight to realise it had to fundamentally transform how it operated in order to improve social outcomes for its population…

“Now the transformation has largely been successful and the initiatives are almost complete, the level of innovation seems to have stalled and the relationship has deteriorated. Somewhere in the fire-fighting, both BCC and SB have lost sight of the next ‘great common cause’ – the fact that the Council needs to further reduce the cost of ICT service delivery by £20m per annum. This will require some significant ‘outside the box’ thinking about how to achieve from both BCC and SB.”

The report said that some individuals within the council needed to understand better that Service Birmingham was not a social enterprise, a public sector mutual, or a charity, and needed “to make a significant return on its capital for its shareholders” amid a “significantly deteriorating financial position due to Government cutbacks.”

Best Practice Group also said that Capita reduced its charges when challenged

“There have been statements made by a number of the officers in the Council that SB drops its prices when challenged, especially when the Council has investigated alternative industry offerings. SB have suggested that it is only when the challenge arises that initial data is clarified and therefore, more focused pricing can be provided.”

Trust

There was – at that time – a “general lack of commercial trust between the parties and the fact that BCC have shown that SB have reported some data incorrectly (after discussion around interpretation), means that the KPIs are not fully aligned to the business outcomes BCC now needs to achieve in the current financial climate”.

The report reached no firm conclusions on value for money but questioned whether Service Birmingham was “significantly more expensive” in some technology areas.

Comment

Birmingham City Council expects to make “savings” by bringing the revenues collection service back in-house.

If the new savings are added to the claimed £1bn savings originally predicted for the Service Birmingham joint venture, are the actual savings more or less what the council could have saved if it carried on supplying ICT in-house, without helping to keep Caita’s shareholders happy?

In fact the word “savings” has been largely discredited when used in connection with large council outsourcing deals and joint ventures.

In the absence of published and audited savings figures, council reports can interpret the word “savings” to mean almost anything.

The unfortunate truth, as observers of Barnet Council’s deal with Capita have discovered, is that local residents who fund joint ventures and outsourcing deals, have no idea whether their councillors end up paying far too much for IT and other services.

Hide

Birmingham Council this week discussed a major revision to the Service Birmingham contract in secret, which raises a wider point.

Commercial confidentiality means that councils and suppliers can hide behind the contract when things go wrong. Indeed all parties to the contract have an interest in not telling the public about anything that goes wrong.

Exactly what is going on with Service Birmingham nobody knows – outside the council’s inner circle of officers and ruling councillors.  Could the contract be costing too much but the cancellation fees are too high to make cancellation worthwhile?

How many of the councillors who were involved in the signing of the original deal will care if it ends up costing a fortune?

The ruling councillors in 2006 are highly unlikely to be the ruling councillors in 2016.

Councils have the power to make the wrong decisions in private and local residents have no options but to pay for those decisions; and when, many years later, councillors want to discuss a major revision to the contract, which could involve paying compensation on the basis of further promised savings, they have the power to go into private session again.

Those who have no right to know what’s going wrong are the captive council tax payers – those who fund the council’s decisions on the basis of never-ending promises of “savings” – savings that are rarely if ever independently verified as having been achieved.

The system could work well if big decisions were taken in public view.

ICT suppliers are not always obsessed with secrecy. They tend to want only very specific details kept secret. Ian Watmore, former head of Accenture, later government chief information officer and the first Civil Service Commissioner, has been a notable advocate of public sector openness.

But council officers and ruling councillors usually want to have all discussions about outsourcing deals in private – largely because life is simpler without accountability.

It’s not a political matter. Birmingham council is staunchly labour but it was a coalition of Conservatives and Lib-dems that set up Service Birmingham in 2006.

In the same way as the government imposed openness on local councils, so new laws or government guidelines could force councils to be open on big decision and major revisions to contracts.

There again, if council tax payers knew in advance the whole truth about the likely full-term costs and speculative benefits of a major IT-based outsourcing deal or joint venture, would such a public-private partnership deal ever be signed?

Update 11.05 17 November 2016

Barnet Council has this week published a report on “£31” savings from its contract with Capita, alongside “increased resident satisfaction”. Barnet outsourced IT,  HR, a call centre and other services in 2013 in a 10-year contract. The Barnet report will be the subject of a separate post on Campaign4Change.

Birmingham set to pull out of [part of] Capita joint venture in revenues collection overhaul.

 

Atos pleased after it’s cleared of “sharp practice”

By Tony Collins

atos

A Cabinet Office review of the Whitehall contracts of IT services company Atos following a Public Accounts Committee allegation of “sharp practice” has more than  exonerated the supplier.

After looking at 12 Atos government contracts, the Cabinet Office has written to the Public Accounts Committee praising Atos for going beyond its contractual obligations. Where the company has fallen short, it has taken remedial steps.

Rarely are any government statements on an IT supplier replete with praise.

It’s likely the vindication will take some MPs by surprise after failings in a project to gather and collect in one place data from all the various GP practice systems – the so-called General Practice Extraction Service.

Now Atos may in future be a position to use the statement as evidence, when bidding, of its success in delivering government IT services and projects.

Millions written off

In December 2015 the Public Accounts Committee was highly critical of Atos in its report on the extraction service project.

The NHS Information Centre accepted the system from Atos although it didn’t work properly. The Centre also made public announcements at the time on the system’s success.  In fact the system had “fundamental design flaws” and millions of pounds was written off.

The Committee said,

“Very common mistakes from past projects were repeated, such as failing to adopt the right contracting approach, failing to ensure continuity of key staff on the project, and failing to undertake proper testing before accepting the system.

“GPES [General Practice Extraction Service] started some five years later than planned; it is over-budget; and it still does not provide the full service required.

“Atos, supplier for a key part of the system, may have met the letter of its contractual obligations but took advantage of a weak client by taking the client’s money while knowing full well that the whole system had not been properly tested.”

The Committee said that the NHS official who was chief executive of the Information Centre when it accepted the flawed system was “awarded total emoluments of £470,000 for the financial year 2012–2013 including a redundancy payment of £330,000”.

Tests

The Committee found that in its approach to the project, “Atos did not show an appropriate duty of care to the taxpayer”.

“We are not satisfied Atos provided proper professional support to an inexpert client and are very concerned that it appears to have acted solely with its own short term best interests in mind.

“Atos admitted that end-to-end testing should always be undertaken and that it was supposed to have happened in this case. However, NHS IC and Atos agreed a more limited test of the Atos component due to delays in completing other parts of the system.

“The Atos software passed this test, but after NHS IC accepted the system—and to Atos’s professed surprise—the system as a whole was found not to work. Atos claims it fixed the issues relating to its software at its own expense and that the additional £1.9 million it received while doing so was for additional work related to 15 new features.

“We found that Atos’s chief executive, Mr Adrian Gregory—the company’s witness in our enquiry—appeared rather indifferent to the plight of the client; we expect more from those contracting with government and receiving funds from the taxpayer.”

“Sharp practice”

The Committee recommended that the Cabinet Office undertake a “full review of Atos’s relationships as a supplier to the Crown”.

“We expect the Cabinet Office to note carefully this example of sharp practice when determining what obligations a duty of care on contractors should entail and what sanctions would apply when performance falls short.”

The government agreed to have a review.

Findings of Cabinet Office review of Atos contracts

The Cabinet Office found no “examples of behaviour that might be described as sharp commercial practice in the course of this review”.

The review team looked at 12 Atos contracts worth a total of more than £500m a year – 80% of Atos’s work with central government.

 

No: Department Contract Name
1 Department for Work and Pensions (DWP) Personal Independence Payments (PIP)
2 Department for Work and Pensions (DWP) Government Gateway Agreement
3 Department for Work and Pensions (DWP) ICT in support of medical assessments
4 HM Treasury (HMT) National Savings and Investments (NS&I)
5 Ministry of Justice (MOJ) Development, Innovation and Support Contracts (DISC) Infrastructure Services Agreement
6 Ministry of Justice (MOJ) End User Computing Services (EUCS)
7 Nuclear Decommissioning Authority (NDA) Shared Service Alliance
8 Home Office (HO) IND Procurement of Infrastructure Development and Support (IPIDS) Agreement
9 Home Office (HO) Contain Agreement
10 Department of Health (DH) Information Management Services (IMS 3)
11 Ministry of Defence (MOD) Strategic Partner Framework Defence Core Network Services (DCNS01)
12 Driver and Vehicle Standards Agency (DVSA) ICT Managed Services Agreement (IS2003)

Far from finding examples of sharp practice, the review team found “examples to the contrary”. In some of the contracts, Atos was “working at risk” and going “beyond their contractual obligations to act in the client’s interests”.

“Specific examples include expediting change control notices at the client’s request in advance of formal approval, taking financial risk ahead of contract extensions and proactively supporting the redeployment of resource to assist in the avoidance of client cost. On one contract, a notice period for a number of major decommissioning events lapsed and Atos continued to deliver the services flexibly to the client’s requirements until the service could be safely decommissioned.”

Where Atos did not meet monthly performance targets, service penalties were incurred and charged to Atos. “It was evident that when operational performance fell short appropriate sanctions were applied.”

Commitment

The Cabinet Office went on to say that Atos proactively and constructively engaged in the review and provided information as requested, “sometimes over and above their contractual commitments”.

The review team added,

“It is clear that Atos values its relationship as a supplier to the Crown; it has a comprehensive approach to the governance of all the contracts reviewed and the Atos leadership team shows commitment to its customers.

“In response to the PAC [Public Accounts Committee] hearing Atos has undertaken a number of initiatives to address PAC’s concerns.

“The Atos corporate programme ‘Client at the Heart’ aims to deepen the client-focussed culture within the organisation by embedding a set of values and action plans to deliver improved service for each contract they run, including all government contracts.

“In addition, whilst employees have always been recognised for achievement in quantitative and qualitative objectives, financial targets vary but typically account for only a small proportion of total reward packages.

“We see this as evidence that Atos client executives are incentivised to provide the appropriate professional support.”

An Atos spokesman told civilserviceworld that the company was “proud to be a trusted supplier” and had welcomed the review as an opportunity to demonstrate the quality of its services.

“We are pleased that the Cabinet Office has concluded that we deliver the appropriate level of professional support to our government clients,” he said.

Comment

It’s clear that Atos deserves credit for going beyond the call of duty on some contracts. It is also clear that those departmental officials the Cabinet Office spoke to as part of the review were happy with Atos.

What’s not so clear is the extent to which civil servants in general are in a position to know how well their major IT suppliers are performing.

Evidence from National Audit Office reports is that departments may not always have comprehensive, accurate and up-to-date information – and enough staff time – to give sound judgements on how well a major IT supplier is performing on a complex contract.

Indeed the National Audit Office can be scathing about the quality of contract management within departments.

In 2013 the Audit Office, in its report “Universal Credit: early progress” identified a series of astonishing failings that, taken together,  suggested that the DWP had little understanding of what its major IT suppliers were charging for, or why, let alone what their performance was like.

The DWP is the largest central government department – which leaves one to wonder whether some other departments, which have smaller budgets and fewer staff, are better or worse off in terms of understanding their IT contracts.

These were some of the contract management weaknesses at the DWP as identified by the National Audit Office in 2013:

  • Over-reliance on performance information that was provided by suppliers without Department validation.
  • Inadequate controls over what would be supplied, when and at what cost because deliverables were not always defined before contracts were signed.
  • Weak contractual relationships with supplier
  • The Department did not enforce all the key terms and conditions of its standard contract management framework, inhibiting its ability to hold suppliers to account.
  • Limited line of sight on cost of delivery, in particular between expenditure incurred and progress made in delivering outputs.
  • Poorly managed and documented financial governance, including for delegated financial authorities and approvals; for example 94 per cent of spending was approved by just four people but there is limited evidence that this was reviewed and challenged.
  • Limited IT capability and ‘intelligent client’ function leading to a risk of supplier self-review.
  • Insufficient review of contractor performance before making payments – on average six project leads were given three days to check 1,500 individual timesheets, with payments only stopped if a challenge was raised.
  • Ministers had insufficient information to assess the value for money of contracts before approving them.
  • Insufficient challenge of supplier-driven changes in costs and forecasts because the programme team did not fully understand the assumptions driving changes.

The Cabinet Office, in its review of Atos, found “inconsistencies” in departmental compliance with guidelines on contract management. It said,

“Where the evidence suggests that contract management is inconsistent [with National Audit Office guidelines on contract management] the Cabinet Office is discussing improvements with the contract owners in the Departments concerned.”

Praise where praise is due and Atos may well be a good – and perhaps outstanding – IT supplier to central government.

But if departments don’t have enough solid information on how well their major IT suppliers are performing, to what extent is any Cabinet Office statement praising an IT supplier likely to be a hopeful panegyric, based on what officials in departments believe they are expected to say?

Cabinet Office statement on Atos to the Public Accounts Committee – 8 September 2016

Public Accounts Committee report on Atos and the General Practice Extraction Service – December 2015

 

DWP derides claimant complaints over digital rollout of Universal Credit

By Tony Collins

dwpLess than 24 hours after the Institute for Government criticised the DWP’s “tendency not to acknowledge bad news”, the department’s press office has poured scorn on complaints to an MP about problems with the rollout of Universal Credit’s “digital” system.

A spokesman for the Department for Work and Pensions has described as “anecdotal” complaints by the public about the “full” digital Universal Credit system in south London.

The DWP has declined to publish reports that would give a factual account of the performance of the Universal Credit digital system during rollout.  Its spokespeople can therefore describe claimant complaints as “anecdotal”.

Cheap

Ministers hope that the in-house and cheaply-developed “full”  digital system will ultimately replace a “live” service that has many workarounds, has cost hundreds of millions of pounds,  has been built by the DWP’s traditional IT suppliers, and deals with only limited groups of claimants.

But the agile-developed digital system has had its problems at a pilot site in Scotland – where the DWP described claimant complaints of being left penniless as “small-scale”.

Now similar problems with the digital system have emerged in south London.

Carshalton and Wallington Liberal Democrat MP Tom Brake told the Guardian yesterday that “on a weekly basis I see residents who don’t receive payments or are forced to use a clunky system which is unusable and unsuitable for people with disabilities.”

He added,

“Every day new problems arise as a result of poor staff training, IT failures and poor IT systems.”  He said problems with a local pilot scheme of the digital system is having a serious effect on many people’s lives.

Problems highlighted by Brake include:

  • Flaws in the online system that prevent people from uploading copies of bank statements and other documents needed to secure payments for childcare places.
  • Long administrative delays and mix-ups over payments to claimants, frequently resulting in their running up arrears or being forced to turn to food banks.
  • Failure to pay, or abruptly ceasing without warning to pay, housing costs on behalf of vulnerable claimants, leaving them at risk of eviction.

A DWP spokesman told the Guardian, “It’s misleading to draw wider conclusions from the anecdotal evidence of a small number of people.

“The reality is people claiming universal credit are moving into work faster and staying in work longer than under the previous system. We are rolling out the UC service to all types of benefit claimants in a safe and controlled way so we can ensure it is working effectively for everyone.”

universal creditNot accepting bad news

Yesterday the Institute for Government published two reports on Universal Credit, focusing on the political, managerial and IT aspects. One of the reports “Learning Lessons from Universal Credit” by Emma Norris and Jill Rutter referred to the DWP’s need to combat its ‘no bad news’ culture.

It said the DWP had a “tendency to not acknowledge bad news, or to acknowledge it insufficiently”. It said “good news culture that prevailed within the DWP, with a reluctance to tell ministers of emerging problems, was a real barrier to identifying and addressing them”. 

Two Parliamentary committees, the Public Accounts Committee and the Work and Pensions have criticised the DWP’s inability to face up to bad news, and its selective approach to the dissemination of information.

“Burst into tears”

The other Institute for Government report published yesterday on Universal Credit – Universal Credit, from disaster to recovery? –  quoted an insider as saying that some of those in the  DWP’s IT team at Warrington burst into tears, so relieved were they to discover that they could tell someone the truth about problems with Universal Credit’s digital system.

In a DWP paper that an FOI tribunal judge has ruled can be disclosed, the DWP conceded that officials lacked “candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

Comment

Problems with the digital system are to be expected.

What’s not acceptable is the DWP’s patronising or scoffing attitude towards claimants who’ve experienced problems with the systems.

In describing the complaints to MP Tom Brake as “anecdotal” the DWP’s hierarchy is aware that it is keeping secret reports that give the facts on the performance of the digital system at pilot sites.

Indeed the DWP is habitually refusing FOI requests to publish reports on the performance of its IT systems. Which enables it to describe all clamant complaints as “anecdotal”.

Test and see

The DWP is taking a “test and see” approach to the roll-out of Universal Credit’s digital system. This means in essence it is using the public as test guinea pigs.

Harsh though this will sound, the DWP’s testing philosophy is understandable. Trying out the digital system on claimants may be the only practical way to bring to the surface all the possible problems. There may be too many complexities in individual circumstances to conduct realistic tests offline.

But why can’t the DWP be open about its digital test strategy? Are its officials – including press officers – locked forever into the culture of “no bad news”?

This denial culture, if it’s maintained, will require the DWP to mislead Parliamentary committees, MPs in general, the public and even stakeholders such as local authorities.

Two select committee reports have criticised the DWP’s prevarications and obfuscations. A chairwoman of the Work and Pensions Committee Dame Anne Begg referred to the DWP’s  tendency to “sweep things under the carpet”.

The Institute for Government referred to even ministers being kept away from bad news.

Other evidence emerged in July 2016 of the DWP’s deep antipathy to external scrutiny and criticism.

It seems that the DWP, with its culture of denial and accepting good news only, would be more at home operating in the government administrations of China, North Korea or Russia.

Isn’t it time the DWP started acknowledging complaints about Universal Credit systems, apologising and explaining what it was doing about resolving problems?

That’s something the governments of China, North Korea and Russia are unlikely to do when something goes wrong.

For decades the DWP has been defensive, introspective and dismissive of all external criticism. It has misled MPs.

And it has done so with an almost eager, cheerful willingness.

But it’s never too late to change.

Digital Universal Credit system is plagued with errors, says MP

Excellent reports on lessons from Universal Credit IT are published today – but who’s listening?

Analysis of Universal Credit IT document the DWP didn’t want published

 

Excellent reports on lessons from Universal Credit IT project published today – but who’s listening?

By Tony Collins

“People burst into tears, so relieved were they that they could tell someone what was happening.”

The Institute for Government has today published one of the most incisive – and revelatory – reports ever produced on a big government IT project.

It concludes that the Universal Credit IT programme may now be in recovery after a disastrous start, but recovery does not mean recovered. Much could yet floor the programme, which is due to be complete in 2022.

The Institute’s main report is written by Nick Timmins, a former Financial Times journalist, who has written many articles on failed publicly-funded IT-based projects.

His invaluable report, “Universal Credit – from disaster to recovery?” – includes interviews with David Pitchford, a key figure in the Universal Credit programme, and Howard Shiplee who led the Universal Credit project.

Timmins also spoke to insiders, including DWP directors, who are not named, and the former secretary of state at the Department for Work and Pensions Iain Duncan Smith and the DWP’s welfare reform minster Lord Freud.

Separately the Institute has published a shorter report “Learning the lessons from Universal Credit which picks out from Timmins’ findings five “critical” lessons for future government projects. This report, too, is clear and jargon-free.

Much of the information on the Universal Credit IT programme in the Timmins report is new. It gives insights, for instance, into the positions of Universal Credit’s major suppliers HP, IBM, Accenture.

It also unearths what can be seen, in retrospect, to be a series of self-destructive decisions and manoeuvres by the Department for Work and Pensions.

But the main lessons in the report – such as an institutional and political inability to face up to or hear bad news – are not new, which raises the question of whether any of the lessons will be heeded by future government leaders – ministers and civil servants – given that Whitehall departments have been making the same mistakes, or similar ones, for decades?

DWP culture of suppressing any bad news continues

Indeed, even as the reports lament a lack of honesty over discussing or even mentioning problems – a “culture of denial” – Lord Freud, the minister in charge of welfare reform, is endorsing FOI refusals to publish the latest risk registers, project assessment reviews and other Universal Credit reports kept by the Department for Work and Pensions.

More than once Timmins expresses his surprise at the lack of information about the programme that is in the public domain. In the “acknowledgements” section at the back of his report Timmins says,

“Drafts of this study were read at various stages by many of the interviewees, and there remained disputes not just about interpretation but also, from some of them, about facts.

“Some of that might be resolvable by access to the huge welter of documents around Universal Credit that are not in the public domain. But that, by definition, is not possible at this stage.”

Churn of project leaders continues

Timmins and the Institute warn about the “churn” of project leaders, and the need for stable top jobs.

But even as the Institute’s reports were being finalised HMRC was losing its much respected chief digital officer Mark Dearnley, who has been in charge of what is arguably the department’s riskiest-ever IT-related programme, to transfer of legacy systems to multiple suppliers as part of the dismantling of the £8bn “Aspire” outourcing venture with Capgemini.

Single biggest cause of Universal Credit’s bad start?

Insiders told Timmins that the fraught start of Universal Credit might have been avoided if Terry Moran had been left as a “star” senior responsible owner of the programme. But Moran was given two jobs and ended up having a breakdown.

In January 2011, as the design and build on Universal Credit started, Terry Moran was given the job of senior responsible owner of the project but a few months later the DWP’s permanent secretary Robert Devereux took the “odd” decision to make Moran chief operating officer for the entire department as well. One director within the DWP told Timmins:

“Terry was a star. A real ‘can do’ civil servant. But he couldn’t say no to the twin posts. And the job was overwhelming.”

The director claimed that Iain Duncan Smith told Moran – a point denied by IDS – that if Universal Credit were to fail that would be a personal humiliation and one he was not prepared to contemplate. “That was very different from the usual ministerial joke that ‘failure is not an option’. The underlying message was that ‘I don’t want bad news’, almost in words of one syllable. And this was in a department whose default mode is not to bring bad news to the top. ‘We will handle ministers’ is the way the department operates…”

According to an insider, “Terry Moran being given the two jobs was against Iain’s instructions. Iain repeatedly asked Robert [Devereux] not to do this and Robert repeatedly gave him assurances that this would be okay” – an account IDS confirms. In September 2012, Moran was to have a breakdown that led to early retirement in March 2013. He recorded later for the mental health charity Time to Talk that “eventually, I took on more and more until the weight of my responsibilities and my ability to discharge them just grew too much for me”.

Timmins was told, “You cannot have someone running the biggest operational part of government [paying out £160bn of benefits a year] and devising Universal Credit. That was simply unsustainable,”

Timmins says in his report, “There remains a view among some former and current DWP civil servants that had that not happened (Moran being given two jobs), the programme would not have hit the trouble it did. ‘Had he been left solely with responsibility for UC [Universal Credit], I and others believe he could have delivered it, notwithstanding the huge challenges of the task,’ one says.”

Reviews of Universal IT “failed”

Timmins makes the point that reviews of Universal Credit by the Major Projects Authority failed to convey in clear enough language that the Universal Credit programme was in deep trouble.

“The [Major Projects Authority] report highlighted a lack of sufficient substantive action on the points raised in the March study. It raised ‘high’ levels of concern about much of the programme – ‘high’ being a lower level of concern than ‘critical’. But according to those who have seen the report, it did not yet say in words of one syllable that the programme was in deep trouble.”

Iain Duncan Smith told Timmins that the the Major Projects review process “failed me” by not warning early enough of fundamental problems. It was the ‘red team’ report that did that, he says, and its contents made grim reading when it landed at the end of July in 2012.

Train crash on the way

The MPA [Cabinet Office’s Major Projects Authority] reviewed the programme in March 2011. “MPA reports are not in the public domain. But it is clear that the first of these flagged up a string of issues that needed to be tackled …

” In June a member of the team developing the new government’s pan-government website – gov.uk – was invited up to Warrington [base for the Universal Credit IT team] to give a presentation on how it was using an agile approach to do that.

“At the end of the presentation, according to one insider, a small number from the audience stayed behind, eyeing each other warily, but all wanting to talk. Most of them were freelancers working for the suppliers. ‘Their message,’ the insider says, ‘was that this was a train crash on the way’ – a message that was duly reported back to the Cabinet Office, but not, apparently, to the DWP and IDS.”

Scared to tell the truth

On another occasion when the Major Projects Authority visited the IT team at Warrington for the purposes of its review, the review team members decided that “to get to the truth they had to make people not scared to tell the truth”. So the MPA “did a lot of one-on-one interviews, assuring people that what they said would not be attributable. And under nearly every stone was chaos.

“People burst into tears, so relieved were they that they could tell someone what was happening.

” There was one young lad from one of the suppliers who said: ‘Just don’t put this thing [Universal Credit] online. I am a public servant at heart. It is a complete security disaster.’

IBM, Accenture and HP

“Among those starting to be worried were the major suppliers – Accenture, HP and IBM. They started writing formal letters to the department.

‘Our message,’ according to one supplier, ‘was: ‘Look, this isn’t working. We’ll go on taking your money. But it isn’t going to work’.’ Stephen Brien [then expert adviser to IDS] says of those letters: ‘I don’t think Iain saw them at that time, and I certainly didn’t see them at the time.”

At one point “serious consideration was given to suing the suppliers but they had written their warning letters and it rapidly became clear that that was not an option”.

Howard Shiplee, former head of the project, told Timmins that he had asked himself ‘how it could be that a very large group of clever people drawn from the DWP IT department with deep experience of the development and operation of their own massive IT systems and leading industry IT suppliers had combined to get the entire process so very wrong? Equally, ‘how could another group of clever people [the GDS team] pass such damning judgement on this earlier work and at the stroke of a pen seek to write off millions of pounds of taxpayers’ money?’

Shiplee commissioned a review from PwC on the work carried out to date and discovered that the major suppliers “were genuinely concerned to have their work done properly, support DWP and recover their reputations”.

In addition, when funding had been blocked at the end of 2012, the suppliers “had not simply downed tools but had carried on development work for almost three months” as they ran down the large teams that had been working on it.

“As a result, they had completed the development for single claimants that was being used in the pathfinder and made considerable progress on claims for couples and families. And their work, the PwC evaluation said, was of good quality.”

On time?

When alarm bells finally started ringing around Whitehall that Universal Credit was in trouble,  IDS found himself under siege. Stephen Brien says IDS was having to battle with the Treasury to keep the funding going for the project. He had to demonstrate that the programme was on time and on budget.

‘The department wanted to support him in that, and didn’t tell him all the things that were going wrong. I found out about some of them, but I didn’t push as hard as I should have. And looking back, the MPA [Major Projects Authority] meetings and the MPA reports were all handled with a siege mentality. We all felt we had to stand shoulder to shoulder defending where we were and not really using them to ask: ‘Are we where we should be?’

‘As a result we were not helping ourselves, and we certainly were not helping others, including the MPA. But we did get to the stage between the end of 2011 and the spring of 2012 where we said: ‘Okay, let’s get a red team in with the time and space to do our own challenge.’”

The DWP’s “caste” system

A new IT team was created in Victoria Street, London – away from Warrington but outside the DWP’s Caxton Street headquarters. It started to take a genuinely agile approach to the new system. One of those involved told Timmins:

“It had all been hampered by this caste system in the department where there is a policy elite, then the operational people, and then the technical people below that.

“And you would say to the operational people: ‘Why have you not been screaming that this will never work?’ And they’d say: ‘Well, we’re being handed this piece of sh** and we are just going to have to make it work with workarounds, to deal with the fact that we don’t want people to starve. So we will have to work out our own processes, which the policy people will never see, and we will find a way to make it work.’

Twin-track approach

IBM, HP and Accenture built what’s now known as the “live” system which enabled Universal Credit to get underway, and claims to be made in jobcentres.

It uses, in part, the traditional “waterfall” approach and has cost hundreds of millions of pounds. In contrast there’s a separate in-house “digital” system that has cost less than £10m and is an “agile” project.

A key issue, Shiplee told Timmins, was that the new digital team “would not even discuss the preceding work done by the DWP and its IT suppliers”. The digital team had, he says, “a messiah-like approach that they were going to rebuild everything from scratch”.

Rather than write everything off, Shiplee wanted ideally to marry the “front-end” apps that the GDS/DWP team in Victoria Street was developing with the work already done. But “entrenched attitudes” made that impossible. The only sensible solution, he decided, was a “twin-track” approach.

“The Cabinet Office remained adamant that the DWP should simply switch to the new digital version – which it had now become clear, by late summer, would take far longer to build than they anticipated – telling the DWP that the problem was that using the original software would mean ‘creating a temporary service, and temporary will become permanent’.

“All of which led to the next big decision, which, to date, has been one of the defining ones. In November 2013, a mighty and fraught meeting of ministers and officials was convened. Pretty much everyone was there. The DWP ministers, Francis Maude (Cabinet Office minister), Oliver Letwin who was Cameron’s policy overlord, Sir Jeremy Heywood, the Cabinet Secretary, Sir Bob Kerslake, the head of the home civil service, plus a clutch of DWP officials including Robert Devereux and Howard Shiplee as the senior responsible owner along with Danny Alexander and Treasury representatives.

“The decision was whether to give up on the original build, or run a twin-track approach: in other words, to extend the use of the original build that was by now being used in just over a dozen offices – what became dubbed the ‘live’ service – before the new, and hopefully much more effective, digital approach was finished and on stream.

“It was a tough and far from pleasant meeting that is etched in the memories of those who were there…

“One of those present who favoured the twin-track approach says: There were voices for writing the whole of the original off. But that would have been too much for Robert Devereux [the DWP’s Permanent Secretary] and IDS.

” So the twin-track approach was settled on – writing a lot of the original IT down rather than simply writing it off. That, in fact, has had some advantages even if technically it was probably the wrong decision…

“It has, however, seen parts of the culture change that Universal Credit involves being rolled out into DWP offices as more have adopted Universal Credit, even if the IT still requires big workarounds.

“More and more offices, for example, have been using the new claimant commitment, which is itself an important part of Universal Credit. So it has been possible to train thousands of staff in that, and get more and more claimants used to it, while also providing feedback for the new build.”

Francis Maude was among those who objected to the twin-track approach, according to leaked minutes of the project oversight board at around this time.

Lord Freud told Timmins,

‘Francis was adamant that we should not go with the live system [that is, the original build]. He wanted to kill it. But we, the DWP, did not believe that the digital system would be ready on anything like the timescales they were talking about then …But I knew that if you killed the live system, you killed Universal Credit…”

In the end the twin-track approach was agreed by a majority. But the development of the ‘agile’ digital service was immediately hampered by a spat over how quickly staff from the GDS were to be withdrawn from the project.

Fury over National Audit Office report

In 2013 the National Audit Office published a report Universal Credit – early progress –  that, for the first time, brought details of the problems on the Universal Credit programme into the public domain. Timmins’ report says that IDS and Lord Freud were furious.

“IDS and, to an only slightly lesser extent, Lord Freud were furious about the NAO report; and thus highly defensive.”

IDS tried to present the findings of the National Audit Office as purely historical.

In November 2014, the NAO reported again on Universal Credit. It once more disclosed something that ministers had not announced – that the timetable had again been put back two years (which raises further questions about why Lord Freud continues to refuse FOI requests that would put into the public domain – and inform MPs – about project problems, risks and delays without waiting for an NAO report to be published)..

Danny Alexander “cut through” bureaucracy

During one period, the Treasury approval of cash became particularly acute. Lord Freud told Timmins:

“We faced double approvals. We had approval about any contract variation from the Cabinet Office and then approvals for the money separately from the Treasury.

“The Government Digital Service got impatient because they wanted to make sure that the department had the ability to build internally rather than going out to Accenture and IBM, who (sic) they hate.

“The approvals were ricocheting between the Cabinet Office and the Treasury and when we were trying to do rapid iteration. That was producing huge delays, which were undermining everything. So in the end Danny Alexander [Lib-dem MP who was chief secretary to the Treasury] said: ‘I will clear this on my own authority.’ And that was crucial. Danny cut through all of that.”

Optimism bias

So-called optimism bias – over-optimism – is “such a common cause of failure in both public and private projects that it seems quite remarkable that it needs restating. But it does – endlessly”.

Timmins says the original Universal Credit white paper – written long before the start of the programme – stated that it would involve “an IT development of moderate scale, which the Department for Work and Pensions and its suppliers are confident of handling within budget and timescale”.

David Pitchford told Timmins,

“One of the greatest adages I have been taught and have learnt over the years in terms of major projects is that hope is not a management tool. Hoping it is all going to come out all right doesn’t cut it with something of this magnitude.

“The importance of having a genuine diagnostic machine that creates recommendations that are mandatory just can’t be overstated. It just changes the whole outcome completely. As opposed to obfuscation and optimism bias being the basis of the reporting framework. It goes to a genuine understanding and knowledge of what is going on and what is going wrong.”

Sir Bob Kerslake, who also identified the ‘good news culture’ of the DWP as being a problem, told Timmins,

“All organisations should have that ability to be very tough about what is and isn’t working. The people at the top have rose-tinted specs. They always do. It goes with the territory.

And unless you are prepared to embrace people saying that ‘really, this is in a bad place’… I can think of points where I have done big projects where it was incredibly important that we delivered the unwelcome news of where we were on that project. But it saved me, and saved my career.”

Recovery?

Timmins makes good arguments for his claim that the Universal Credit programme may be in recovery – but not recovered – and that improvements have been made in governance to allow for decisions to be properly questioned.

But there is no evidence the DWP’s “good news” culture has changed. For instance the DWP says that more than 300,000 people are claiming Universal Credit but the figure has not been audited and it’s unclear whether claimants who have come off the benefit and returned to it – perhaps several times – are being double counted.

Timmins points out the many uncertainties that cloud the future of the Universal Credit programme  – how well the IT will work, whether policy changes will hit the programme, whether enough staff will remain in jobcentres, and whether the DWP will have good relations with local authorities that are key to the delivery of Universal Credit but are under their own stresses and strains with resourcing.

There are also concerns about what changes the Scots and Northern Irish may want under their devolved powers, and the risk that any ‘economic shock’ post the referendum pushes up the volume of claimants with which the DWP has to deal.

 Could Universal Credit fail for non-IT reasons?

Timmins says,

“In seeking to drive people to higher earnings and more independence from the benefits system, there will be more intrusion into and control over the lives of people who are in work than under the current benefits system. And there are those who believe that such an approach – sanctioning people who are already working – will prove to be political dynamite.”

The dire consequences of IT-related failure

It is also worth noting that Universal Credit raises the stakes for the DWP in terms of its payment performance, says Timmins.

“If a tax credit or a Jobseeker’s Allowance payment or any of the others in the group of six go awry, claimants are rarely left penniless in the sense that other payments – for example, Housing Benefit in the case of Jobseeker’s Allowance or tax credits, – continue.

“If a Universal Credit payment fails, then all the support from the state, other than Child Benefit or disability benefits not included within Universal Credit, disappears.”

This happened recently in Scotland when an IT failure left hundreds of families penniless. The DWP’s public response was to describe the failure in Scotland as “small-scale”.

Comment

What a report.

It is easy to see how much work has gone into it. Timmins has coupled his own knowledge of IT-related failure with a thorough investigation into what has gone wrong and what lessons can be learned.

That said it may make no difference. The Institute in its “lessons” report uses phrases such as “government needs to make sure…”. But governments change and new administrations have an abundance – usually a superfluity – of confidence and ambition. They regard learning lessons from the past as putting on brakes or “nay saying”. You have to get with the programme, or quit.

Lessons are always the same

There will always be top-level changes within the DWP. Austerity will always be a factor.  The culture of denial of bad news, over-optimism about what can be achieved by when and how easily it can be achieved, over-expectations of internal capability, over-expectation of what suppliers can deliver, embarking on a huge project without clearly or fully understanding what it will involve, not listening diligently to potential users and ridiculously short timescales are all well-known lessons.

So why do new governments keep repeating them?

When Universal Credit’s successor is started in say 2032, the same mistakes will probably be repeated and the Institute for Government, or its successor, will write another similar report on the lessons to be learned.

When Campaign4Change commented in 2013 that Universal Credit would probably not be delivered before 2020 at the earliest, it was an isolated voice. At the time, the DWP press office – and its ministers – were saying the project was on budget and “on time”.

NPfIT

The National Audit Office has highlighted similar lessons to those in the Timmins report, for example in NAO reports on the NPfIT – the NHS IT programme that was the world’s largest non-military IT scheme until it was dismantled in 2011. It was one of the world’s biggest IT disasters – and none of its lessons was learned on the Universal Credit programme.

The NPfIT had an anti-bad news culture. It did not talk enough to end users. It had ludicrous deadlines and ambitions. The politicians in charge kept changing, as did some of programme leaders. There was little if any effective internal or external challenge. By the time it was dismantled the NPfIT had lost billions.

What the Institute for Government could ask now is, with the emasculation of the Government Digital Service and the absence of a powerful Francis Maude figure, what will stop government departments including the DWP making exactly the mistakes the IfG identifies on big future IT-enabled programmes?

In future somebody needs the power to say that unless there is adequate internal and external challenge this programme must STOP – even if this means contradicting a secretary of state or a permanent secretary who have too much personal and emotional equity in the project to allow it to stop. That “somebody” used to be Francis Maude. Now he has no effective replacement.

Victims

It’s also worth noting in the Timmins report that everyone seems to be a victim, including the ministers. But who are perpetrators? Timmins tries to identify them. IDS does not come out the report smelling of roses. His passion for success proved a good and bad thing.

Whether the direction was forwards or backwards IDS  was the fuel that kept Universal Credit going.  On the other hand his passion made it impossible for civil servants to give him bad news – though Timmins raises questions about whether officials would have imparted bad news to any secretary of state, given the DWP’s culture.

Neither does the DWP’s permanent secretary Robert Devereux emerge particularly well from the report.

How it is possible for things to go so badly wrong with there being nobody to blame? The irony is that the only people to have suffered are the genuine innocents – the middle and senior managers who have most contributed to Universal Credit apparent recovery – people like Terry Moran.

Perhaps the Timmins report should be required reading among all involved in future major projects. Competence cannot be made mandatory. An understanding of the common mistakes can.

Thank you to FOI campaigner Dave Orr for alerting me to the Institute’s Universal Credit reports.

Thanks also to IT projects professional John Slater – @AmateurFOI – who has kept me informed of his FOI requests for Universal Credit IT reports that the DWP habitually refuse. 

Update 18.00 6 September 2016

In a tweet today John Slater ( @AmateurFOI ) makes the important point that he asked the DWP and MPA whether either had held a “lessons learned” exercise in the light of the “reset” of the Universal Credit IT programme. The answer was no.

This perhaps reinforces the impression that the DWP is irredeemably complacent, which is not a good position from which to lead major IT projects in future.

Universal Credit – from disaster to recovery?

Learning the lessons from Universal Credit