Category Archives: IBM

Whitehall’s outsourcing of IT a “bad mistake” – and other Universal Credit lessons – by ex-DWP minister

By Tony Collins

Lord Freud, former Conservative minister at the Department for Work and Pensions – who is described as the “architect” of Universal Credit – said yesterday that outsourcing IT across government had been a “bad mistake”.

He announced in December 2016 that was retiring from government. Having been the minister for welfare reform who oversaw the Universal Credit programme, Lord Freud yesterday went before the Work and Pensions Committee to answer questions on the troubled scheme.

He said,

“The implementation was harder than I had expected. Maybe that was my own naivety. What I didn’t know, and I don’t think anyone knew, was how bad a mistake it had been for all of government to have sent out their IT.

“It happened in the 1990s and early 2000s. You went to these big firms to build your IT. I think that was a most fundamental mistake, right across government and probably across government in the western world…

We talk about IT as something separate but it isn’t. It is part of your operating system. It’s a tool within a much better system. If you get rid of it, and lose control of it, you don’t know how to build these systems.

“So we had an IT department but it was actually an IT commissioning department. It didn’t know how to do the IT.

“What we actually discovered through the (UC) process was that you had to bring the IT back on board. The department has been rebuilding itself in order to do that. That is a massive job.”

But didn’t DWP civil servants make it clear at the outset that there wasn’t the in-house capability to build Universal Credit?

“The civil service thought it had the capacity because it could commission the big firms – the HPs and the IBMs – to do it. They did not see the problem, and government as a whole did not see the problem of doing it.

“It’s only when you get into building something big you discover what a problem that was…”

Accountability needed

But it was known at the launch of Universal Credit that government IT projects had a history of going wrong. Why hadn’t people [the DWP] learnt those lessons?

“I agree with you. People have found it very hard to work out what was the problem… you need someone doing it who is accountable. But when you commission out, you don’t have that process.

“You need a lot of continuity and that’s not something in our governance process. Ministers turn over very regularly and more importantly civil servants tend to turn over rather regularly because of the pay restrictions – they only get more pay when they are promoted – so there is a two-year promotion round for good people.

“Effectively we had a programme that had been built outside, or with a lot of companies helping us build it.”

Lord Freud explained differences between the two Universal Credit systems being rolled out.

First there is the “live” system [built at a cost of hundreds of millions of pounds that interfaces with legacy benefit systems but is not interactive beyond the initial application form].

The DWP is also rolling out in some pilot areas such as Croydon a “full system” [built at a cost of less than £10m, run on agile principles and is interactive beyond the initial application form].

Lord Freud said,

“The difference between the two is that the live system has all of the essential features of Universal Credit – you get paid an amount at a certain time – but interaction with the system after the initial application is through the telephone or through the post.

“The interactive [“full”] system has the features of Universal Credit but interaction with it is much faster because it’s on the internet. That’s the difference…

“How would I have done it in retrospect?

“The other thing I have discovered about big organisations that I hadn’t understood was it’s very difficult for them to deal with something that’s purely conceptual.

“You need something on the ground. What you should do is get something on the ground quickly – small, maybe imperfect – but the organisation can start coalescing around it, understand it, and start working it.

“Oddly, not having an all-singing, all-dancing system that is now going out, was essential for the organisation to understand what it had and how to adapt it. The IT is only a very small element. Most of the work is around your operations and organisation and how you apply it.

“The second thing we introduced in the 2013 reset was “test and learn”. It’s a phrase but what it means is that you have a system you understand and then test and test, instead of going out with a big system at once. You test all the elements because it’s impossible to envisage how something as big (as Universal Credit) unless you do it like that.

Lessons for government as a whole?

“It was a mistake putting IT out. You have to bring it back in. It’s quite hard to bring it back in because the image of government with the IT industry is not great so you have to set up an atmosphere of getting really good people in, so it’s an attractive place to work; you have to pay them appropriately.

“Our pay scales are not representative of what happens in some of these industries.

Scarce skills

“There are three areas of specialisation that government finds it very hard to buy: various bits of IT, running contracts and project management. Those are three really scarce skills in our economy. We need in government to pay for those specialisms if we are to do big projects.”

Other lessons?

“There’s an odd structure which I don’t quite believe in any more, which is the relationship between the politician – the minister – and the civil service.

“The concept is that the politicians decide what their objectives are and the civil service delivers it. I don’t believe that you can divide policy and implementation in that way. That’s a very big issue because our whole government is built up with that concept and has been for more than 100 years.”

Where does project management fit?

“In theory the civil service produces the project management but it’s an odd circumstance. It didn’t quite happen with Universal Credit. In my first five years I had no fewer than six senior responsible owners and six project managers.

“You can imagine what that was like with something as complicated as Universal Credit when the senior people hadn’t had the time to understand what it was they were dealing with; and what that implied for the minister – me – in terms of holding that together.”

Lord Freud suggested that he was acting as the permanent project manager although he had his normal ministerial duties as well – including being the government’s spokesman in the House of Lords on welfare reform matters.

“As a minister you don’t have time to do project manage a big project. I was sending teams out to make sure we were on top of particular things, which were then reincorporated into the whole process. But it was a very difficult time as we built the department into a capability to do this. There is now a very capable team doing it.”

Comment:

Two of the questions raised by Lord Freud’s comments are: If outsourcing IT is now considered such a bad idea for central government, why is it councils continue to outsource IT?

Would it be better for taxpayers in the long run if the Department for Communities and Local Government intervened to stop such deals going ahead?

Lord Freud’s evidence on Universal Credit programme in full

 

 

 

Southwest One – a positive postscript

By Tony Collins

somerset county council2IBM-led Southwest One has had a mostly bad press since it was set up in 2007. But the story has a positive postscript.

Officials at Somerset County Council now understand what has long been obvious to ICT professionals: that the bulk of an organisation’s savings come from changing the way people work – and less from the ICT itself.

Now that Somerset County Council has the job of running its own IT again – its IT-based relationship with Southwest One ended prematurely in December 2016 – the council’s officials have realised that technology is not an end in itself but an “enabler” of headcount reductions and improvements in productivity.

A 2017 paper by the county council’s “Programme Management Office”  says the council has begun a “technology and people programme” to “contribute to savings via headcount reduction by improving organisational productivity and process efficiency using technology as the key enabler”.

Outsourcing IT a “bad mistake” 

It was in 2007 that Somerset County Council and IBM launched a joint venture, Southwest One. The new company took over the IT staff and some services from the council.

In the nine years since then the council has concluded that outsourcing ICT – thereby separating it from the council’s general operations – was not a good idea.

The same message – that IT is too integral and important to an organisation  to be outsourced – has also reached Whitehall’s biggest department, the Department for Work and Pensions.

Yesterday (8 February 2017) Lord Freud,  who was the Conservative minister in charge of Universal Credit at the Department for Work and Pensions, told MPs that outsourcing IT across government had proved to be a “bad idea”.  He said,

“What I didn’t know, and I don’t think anyone knew, was how bad a mistake it had been for all of government to have sent out their IT…

“You went to these big firms to build your IT. I think that was a most fundamental mistake, right across government  and probably across government in the western world …

” We talk about IT as something separate but it isn’t. It is part of your operating system. It’s a tool within a much better system. If you get rid of it, and lose control of it, you don’t know how to build these systems.

” So we had an IT department but it was actually an IT commissioning department. It didn’t know how to do the IT.

“What we actually discovered through the (Universal Credit) process was that you had to bring the IT back on board. The department has been rebuilding itself in order to do that. That is a massive job.”

Task facing Somerset officials

Somerset County Council says in its paper that the council now suffers from what it describes as:

  • Duplicated effort
  • Inefficient business processes
  • A reliance on traditional ways of working (paper-based and meeting-focused).
  • Technology that is not sufficient to meet business needs
  • Inadequate data extraction that does not support evidence based decision making.
  • “Significant under-investment in IT”.

To help tackle these problems the council says it needs a shift in culture. This would enable the workforce to change the way it works.  

From January 2017 to 2021, the council plans “organisation and people-led transformational change focused on opportunities arising from targeted systems review outcomes”.

The council’s officers hope this will lead to

  • Less unproductive time in travelling and  attending some statutory duties such as court proceedings.
  • Fewer meetings.
  • Reduced management time because of fewer people to manage e.g. supervision, appraisal, performance and sickness.
  • Reduced infrastructure spend because fewer people will mean cuts in building and office costs, and IT equipment. Also less training would be required.
  • Reduction in business support process and roles.
  • Reduction in hard copy file storage and retention.

 The council has discovered that it could, for instance, with changes in working practices supported by the right technology,  conduct the same number of social services assessments with fewer front- line social workers or increase the level of assessments with the same number of staff.

Southwest One continues to provide outsourced services to Avon and Somerset Police. The contract expires next year.

Comment

Somerset County Council is taking a bold, almost private sector approach to IT.

Its paper on “technology and people” says in essence that the council cannot  save much money by IT change alone.

Genuine savings are to be found in changing ways of working and thus reducing headcount. This will require very close working – and agreement – between IT and the business end-users within the council.

It is an innovative approach for a council.

The downside is that there are major financial risks, such as a big upfront spend with Microsoft that may or may not more than pay for itself.

Does outsourcing IT ever make sense?

Somerset County Council is not an international organisation like BP where outsourcing and standardising IT across many countries can make sense.

The wider implication of Somerset’s experience – and the experience of the Department for Work and Pensions – is that outsourcing IT in the public sector is rarely a good idea.

Thank you to Dave Orr, who worked for Somerset County Council as an IT analyst and who has, since the Southwest One contract was signed in 2007, campaigned for more openness over the implications of the deal.

He has been more effective than any Somerset councillor in holding to account the county council, Taunton Deane Borough Council and Avon and Somerset Police, over the Southwest One deal.  He alerted Campaign4Change to Somerset’s “Technology and People Programme” Somerset paper.

One of Orr’s recent discoveries is that the council’s IT assets at the start of the Southwest One contract were worth about £8m and at hand-back in December 2016 were worth just £0.32m, despite various technology refreshes.

Somerset County Council’s “Technology and People Programme” paper

Whitehall’s outsourcing IT a “bad mistake” – and other Universal Credit lessons, by a former DWP minister

Days from taking back outsourced IT, Somerset Council is unsure what it’ll find

By Tony Collins

Facing the TV cameras, officials at Somerset County Council spoke with confidence about the new joint venture company they had set up with the “world-class” IT supplier IBM.

“The contract has to succeed; we will make it succeed, ” a senior official said at the time. Greater choice for residents, more control, sustained improvement of services, improved efficiency, tens of millions in savings and enhanced job prospects for staff.

These were some of the promises in 2007.

Since then, Somerset County Council has been through a costly legal dispute with IBM; projected savings have become losses, and Somerset is days away from taking back the service early.

Now the council faces new IT-related risks to its reputation and finances, warns a team of auditors.

In several audit reports on the exit arrangements, auditors warn of a series of uncertainties about:

  •  what exactly IT assets the council will own as of 1 December 2016, when the joint venture hands back IT and staff.
  • how much software may not be licensed, therefore being used illicitly.
  • how much software is being paid for without being needed or used, wasting council tax money.
  • whether thousands of pieces of hardware have been disposed of securely over the years of the contract, or whether confidential data could later turn up in the public domain.
  • the accuracy of some supplied information. “… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four” said auditors.

Comment

That Somerset County Council laments setting up the Southwest One joint venture with IBM is not new. What continues to surprise is the extent of the difficulties of ending the joint venture cleanly – despite months, indeed more than a year – of preparatory work.

The realty is that uncertainties and risks abound.

When IT journalists ask leading councillors and officers at the start of outsourcing/joint venture deals whether all the most potentially serious risks have been given proper consideration, the spokespeople inevitably sound supremely confident.

If things go wrong, they are sure the council will be able to take back the service under secure arrangements that have been properly planned and written into the contract.

Yet today some of the most potentially serious risks to Somerset’s finances and reputation come from continuing threats such as the possibility confidential data being found on old hardware not securely disposed of.

Or the council may be paying for unneeded software licences.

In short Somerset County Council is taking back the IT service on 1 December 2016 without being certain what it will find.

In future, therefore, when councillors and officials across the country talk with supreme confidence at the start of an outsourcing deal or joint venture about large savings, sustained efficiencies, and a step-change improvement in services that comes with the benefits of collaborating with a world-class private-sector partner, local residents will have every right to be deeply sceptical.

For the reality is more likely to be that the council and its world-class supplier are about to embark on a journey into the unknown.

Thank you to campaigner Dave Orr for alerting me to the council audit reports that made this post possible.

TV broadcast in 2007 days after the council and IBM signed the Southwest One joint venture deal.

**

Excerpts from reports due to be considered by Somerset County Council’s Audit Committee next week (29 November 2016):

“… laptops, servers, storage devices, networking equipment, etc.) have been disposed of without the correct documentation historically, throughout the term with SWO [Southwest One]. There is a high likelihood that without the documentation to show that SWO were meant to have previously disposed of any specific data baring assets in a compliant manner then subsequent fines and loss of reputation will need to be dealt with by the Council.

“This is being addressed as part of the exit works but initial investigations show an expected lack of documentation.

**

“The quality of asset management and therefore exposure to risk (over and above this inherited risk) is expected to improve significantly once asset management returns to SCC [Somerset County Council).”

**

“Asset locations have been updated and improved though there are still issues regarding all asset details not being recorded accurately in the Asset Register. There is a risk that if wrong details are recorded against an asset then incorrect decisions could be made regarding these assets which may in turn cause the Council financial loss and/or loss of reputation.”

**

“… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four.”

**

“Software assets are now included in the monthly asset register report though the information collected and lack of correlation to meaningful license information means the original risk is not fully mitigated.

“This continued lack of software asset usage information against licensing proof of entitlement as well as the obvious risk of illegally using non licensed software there is also a risk that the Council is wasting public funds and Council officer’s time to manage unnecessary software. This means the Council will not be able to show “Best Value” in these purchases which could lead to fines being imposed by Central Government and loss of reputation by the inefficiencies being reported in the media.”

**

“I cannot though see evidence of the warranty & support arrangements being recorded or accurate recording of end of life assets. Due to a lack of or incorrect detail on the asset information there is the risk of incorrect decisions being made regarding an asset’s usage which could then lead to loss of money or reputation for the Council.”

MPs to debate Capita NHS contract today

By Tony Collins

In the House of Commons today MPs will debate the Capita Primary Care Support Services contract.

It has been secured by Coventry North West MP Geoffrey Robinson, who wants GPs to be compensated for the failures arising from the outsourcing contract.

The debate comes a day after the BBC reported that “more than 9,000 patients’ records in Norfolk, Suffolk and Essex have gone missing” since Capita took on the task of transferring files.

As part of its contract Capita took on the job of transferring patients’ records, when people move from one GP to another.

A BBC survey of 78 GP practices showed that 9,009 records had been missing for more than two months.

Capita told the BBC it did not “recognise these claims”.

An NHS England spokesman said, “We know there have been serious issues with services delivered by Capita which have had an unacceptable impact on practices. We are ensuring Capita takes urgent steps to improve services.”

Patients “at risk”

Paul Conroy, a practice manager in Essex, has started a House of Commons petition on the delays, which has been signed by more than 3,000 people. It calls for an inquiry into the Capita contract and the impact it has had on GP practices.

“GPs rely on that full medical history in order to make key clinical decisions on patient care,” he said.

“If they can’t get hold of that physical record there could be vital information there could be vital information that puts a patient at risk.”

James Dillon, director of Practice Index – an organisation bringing together practice managers – told the BBC,

“GP practices are getting more and more frustrated by the missing patient records.

“Not only is this debacle putting the health of their patients at risk, it is putting added pressure on already stretched practices.”

In a statement, Capita said it had taken on the “challenging initiative” to streamline GP support services and there had been “teething problems”.

“[But] medical records are now being delivered securely up to three times faster than under the previous system,” it said.

“We do not recognise these claims regarding thousands of files being missing whatsoever.

“We request and move on average 100,000 files a week from multiple sites including GP surgeries and also third party run storage facilities which are contracted and managed by NHS England.”

GP magazine Pulse quoted MP Geoffrey Robinson as saying that the secretary of state should intervene directly “as this is extremely dangerous”. Robinson said that some medical records are not being delivered at all, or delivered late or delivered to the wrong practices.

Dr Richard Vautrey, deputy chairman of the British Medical Association’s GP Committee said that the problems arising from the outsourcing contract “are directly impacting on the ability of many GPs to provide safe, effective care to their patients in the area”.

He said, “They are in some cases being left without the essential information they need to know about a new patient and the tools to treat them.”

In August 2016, NHS England published the results of a User Satisfaction Survey of primary care support services over the previous six months. Only 21% of GPs were satisfied with the outsourced service, giving it an average overall score of 2.91 out of 10.

Lunacy?

An anonymous GP told Pulse how the problems are affecting him. He refers to the “performers list” that assures the public that GPs are suitably qualified, have up to date training, have appropriate English language skills and have passed other relevant checks such as with the Disclosure and Barring Service and the NHS Litigation Authority.

Said the GP,

“I moved 12 months ago and still haven’t been able to transfer performers list. I am 6 months late for my appraisal and unemployable except for my current salaried job as a result.

” It would have been easier to emigrate. The department responsible for the performers list at Capita is uncontactable except via a national email that isn’t responded to and a phone line that isn’t able to put you through to anyone.

“… As it is it’s virtually impossible to move region if you a UK GP. I am basically a slave bonded to a geographical region, forbidden to move house and work anywhere else other than short periods. Totally at the mercy of a faceless uninterested bureaucracy incapable of helping. Lunacy and utterly depressing. Why the hell did I become a GP? I curse the day.”

“I urgently need my medical records”

A patient who wrote to Campaign4Change said,

“My medical records were requested at the beginning of June 2016 when I changed to another health centre about 2 miles away.

“[I] phoned Capita today and was told there was no record of this request and to get my solicitor to contact them. Then they put the phone down. I don’t have and cannot afford a solicitor.

“I urgently need my medical records with my new doctor and am feeling helpless and extremely stressed by this.”

Pulse magazine reported yesterday (7 November 2016) the results of a snapshot survey of 281 GP practices carried out by the BMA’s GP Committee. It found:

  • 31% of practices had received incorrect patient records;
  • 28% failed to receive or have records collected from them on the date agreed with Capita;
  • 58% reported that new patient registrations were not processed within the required three days.
  • 81% of urgent requests for records were not actioned within three weeks.

GP practices also noted a reduction in the number of incorrect payments and fewer delays in registrations of the “performers list”.

Comment

It would be a pity if MPs today, in criticising Capita, lost sight of the bigger picture: how such outsourcing deals are considered and awarded.

The root of the problem is that before the contract is awarded officials concentrate their attention on the minutiae of the benefits: exactly how much will be saved, and how this will be achieved.

Pervading the pre-contract literature and discussions are the projected savings. This is understandable but wrong.

It’s understandable because it’s the projected savings that justify the sometimes-exciting time and effort that go into the pre-contract negotiations and discussions.

Large amounts of money are at stake. For officials, the pre-contract work can be a euphoric time – certainly more interesting than the day-to-day routine.

But what happens to negotiation and discussion of risk?

Risk is a table or two at the back of the reports. It’s a dry, uninspiring vaguely technical and points-scoring analysis of the likelihood of adverse events and the seriousness of the consequences materialising.

Sometimes the most serious risks are highlighted in red. But there’s always a juxtaposed “mitigation” strategy that appears to reassure. Indeed it appears to cancel out any reason for concern.

Risk is mentioned at the back of the internal pre-contract because it’s a cultural anathema. It’s the equivalent of visits by Building Regulations inspectors at a theme park under construction.

Who wants to talk about risk when a contract worth hundreds of millions of pounds is about to be awarded?

A bold official may dare to point out the horror stories arising from previous outsourcing contracts. That hapless individual will then be perceived by the outsourcing advisory group to have a cloud over his or her head. Not one of us.

And the horror stories will be dismissed by the officer group as the media getting it wrong as usual. The horror stories, it will be explained, were in fact successes.

Even when big public sector outsourcing deals end in a legal action between the main parties, officials and the supplier will later talk – without explanation or detail or audited accounts –  of the contract’s savings and overall success.

We’re seeing this on the Southwest One outsourcing/joint venture contract.

No doubt some will claim the GP contract support contract is a success. They’ll describe problems as teething. Marginalise them. And later, when it comes to the awarding of future contracts, supporters of the GP outsourcing contract will be believed over the critics.

And so the cycle of pre-contract outsourcing euphoria and post-contract rows over failure will be repeated indefinitely.

It would be of more use if MPs today debated the role of NHS England in the award of the GP support contract.

Blaming Capita will do little good. The supplier will face some minor financial penalties and will continue to receive what it is contractually due.

Countless National Audit Office reports show how contracts between the public and private sectors, when it comes to the crunch, strongly protect the supplier’s interests. The public sector doesn’t usually have a leg to stand on.

A focus today on Capita would be a missed opportunity to do some lasting good.

NHS England letter on Capita contract – September 2016

Capita NHS contract under scrutiny after “teething” problems – June 2016

GPs decry Capita’s privatised services as shambles – The Guardian

Did NHS England consider us in the Capita take-over?

NHS England vows to hold Capita to account

Capita mistakenly flags up to 15% of GP practice patients for removal  

Capita primary care support service performance “unacceptable”

 

 

 

Excellent reports on lessons from Universal Credit IT project published today – but who’s listening?

By Tony Collins

“People burst into tears, so relieved were they that they could tell someone what was happening.”

The Institute for Government has today published one of the most incisive – and revelatory – reports ever produced on a big government IT project.

It concludes that the Universal Credit IT programme may now be in recovery after a disastrous start, but recovery does not mean recovered. Much could yet floor the programme, which is due to be complete in 2022.

The Institute’s main report is written by Nick Timmins, a former Financial Times journalist, who has written many articles on failed publicly-funded IT-based projects.

His invaluable report, “Universal Credit – from disaster to recovery?” – includes interviews with David Pitchford, a key figure in the Universal Credit programme, and Howard Shiplee who led the Universal Credit project.

Timmins also spoke to insiders, including DWP directors, who are not named, and the former secretary of state at the Department for Work and Pensions Iain Duncan Smith and the DWP’s welfare reform minster Lord Freud.

Separately the Institute has published a shorter report “Learning the lessons from Universal Credit which picks out from Timmins’ findings five “critical” lessons for future government projects. This report, too, is clear and jargon-free.

Much of the information on the Universal Credit IT programme in the Timmins report is new. It gives insights, for instance, into the positions of Universal Credit’s major suppliers HP, IBM, Accenture.

It also unearths what can be seen, in retrospect, to be a series of self-destructive decisions and manoeuvres by the Department for Work and Pensions.

But the main lessons in the report – such as an institutional and political inability to face up to or hear bad news – are not new, which raises the question of whether any of the lessons will be heeded by future government leaders – ministers and civil servants – given that Whitehall departments have been making the same mistakes, or similar ones, for decades?

DWP culture of suppressing any bad news continues

Indeed, even as the reports lament a lack of honesty over discussing or even mentioning problems – a “culture of denial” – Lord Freud, the minister in charge of welfare reform, is endorsing FOI refusals to publish the latest risk registers, project assessment reviews and other Universal Credit reports kept by the Department for Work and Pensions.

More than once Timmins expresses his surprise at the lack of information about the programme that is in the public domain. In the “acknowledgements” section at the back of his report Timmins says,

“Drafts of this study were read at various stages by many of the interviewees, and there remained disputes not just about interpretation but also, from some of them, about facts.

“Some of that might be resolvable by access to the huge welter of documents around Universal Credit that are not in the public domain. But that, by definition, is not possible at this stage.”

Churn of project leaders continues

Timmins and the Institute warn about the “churn” of project leaders, and the need for stable top jobs.

But even as the Institute’s reports were being finalised HMRC was losing its much respected chief digital officer Mark Dearnley, who has been in charge of what is arguably the department’s riskiest-ever IT-related programme, to transfer of legacy systems to multiple suppliers as part of the dismantling of the £8bn “Aspire” outourcing venture with Capgemini.

Single biggest cause of Universal Credit’s bad start?

Insiders told Timmins that the fraught start of Universal Credit might have been avoided if Terry Moran had been left as a “star” senior responsible owner of the programme. But Moran was given two jobs and ended up having a breakdown.

In January 2011, as the design and build on Universal Credit started, Terry Moran was given the job of senior responsible owner of the project but a few months later the DWP’s permanent secretary Robert Devereux took the “odd” decision to make Moran chief operating officer for the entire department as well. One director within the DWP told Timmins:

“Terry was a star. A real ‘can do’ civil servant. But he couldn’t say no to the twin posts. And the job was overwhelming.”

The director claimed that Iain Duncan Smith told Moran – a point denied by IDS – that if Universal Credit were to fail that would be a personal humiliation and one he was not prepared to contemplate. “That was very different from the usual ministerial joke that ‘failure is not an option’. The underlying message was that ‘I don’t want bad news’, almost in words of one syllable. And this was in a department whose default mode is not to bring bad news to the top. ‘We will handle ministers’ is the way the department operates…”

According to an insider, “Terry Moran being given the two jobs was against Iain’s instructions. Iain repeatedly asked Robert [Devereux] not to do this and Robert repeatedly gave him assurances that this would be okay” – an account IDS confirms. In September 2012, Moran was to have a breakdown that led to early retirement in March 2013. He recorded later for the mental health charity Time to Talk that “eventually, I took on more and more until the weight of my responsibilities and my ability to discharge them just grew too much for me”.

Timmins was told, “You cannot have someone running the biggest operational part of government [paying out £160bn of benefits a year] and devising Universal Credit. That was simply unsustainable,”

Timmins says in his report, “There remains a view among some former and current DWP civil servants that had that not happened (Moran being given two jobs), the programme would not have hit the trouble it did. ‘Had he been left solely with responsibility for UC [Universal Credit], I and others believe he could have delivered it, notwithstanding the huge challenges of the task,’ one says.”

Reviews of Universal IT “failed”

Timmins makes the point that reviews of Universal Credit by the Major Projects Authority failed to convey in clear enough language that the Universal Credit programme was in deep trouble.

“The [Major Projects Authority] report highlighted a lack of sufficient substantive action on the points raised in the March study. It raised ‘high’ levels of concern about much of the programme – ‘high’ being a lower level of concern than ‘critical’. But according to those who have seen the report, it did not yet say in words of one syllable that the programme was in deep trouble.”

Iain Duncan Smith told Timmins that the the Major Projects review process “failed me” by not warning early enough of fundamental problems. It was the ‘red team’ report that did that, he says, and its contents made grim reading when it landed at the end of July in 2012.

Train crash on the way

The MPA [Cabinet Office’s Major Projects Authority] reviewed the programme in March 2011. “MPA reports are not in the public domain. But it is clear that the first of these flagged up a string of issues that needed to be tackled …

” In June a member of the team developing the new government’s pan-government website – gov.uk – was invited up to Warrington [base for the Universal Credit IT team] to give a presentation on how it was using an agile approach to do that.

“At the end of the presentation, according to one insider, a small number from the audience stayed behind, eyeing each other warily, but all wanting to talk. Most of them were freelancers working for the suppliers. ‘Their message,’ the insider says, ‘was that this was a train crash on the way’ – a message that was duly reported back to the Cabinet Office, but not, apparently, to the DWP and IDS.”

Scared to tell the truth

On another occasion when the Major Projects Authority visited the IT team at Warrington for the purposes of its review, the review team members decided that “to get to the truth they had to make people not scared to tell the truth”. So the MPA “did a lot of one-on-one interviews, assuring people that what they said would not be attributable. And under nearly every stone was chaos.

“People burst into tears, so relieved were they that they could tell someone what was happening.

” There was one young lad from one of the suppliers who said: ‘Just don’t put this thing [Universal Credit] online. I am a public servant at heart. It is a complete security disaster.’

IBM, Accenture and HP

“Among those starting to be worried were the major suppliers – Accenture, HP and IBM. They started writing formal letters to the department.

‘Our message,’ according to one supplier, ‘was: ‘Look, this isn’t working. We’ll go on taking your money. But it isn’t going to work’.’ Stephen Brien [then expert adviser to IDS] says of those letters: ‘I don’t think Iain saw them at that time, and I certainly didn’t see them at the time.”

At one point “serious consideration was given to suing the suppliers but they had written their warning letters and it rapidly became clear that that was not an option”.

Howard Shiplee, former head of the project, told Timmins that he had asked himself ‘how it could be that a very large group of clever people drawn from the DWP IT department with deep experience of the development and operation of their own massive IT systems and leading industry IT suppliers had combined to get the entire process so very wrong? Equally, ‘how could another group of clever people [the GDS team] pass such damning judgement on this earlier work and at the stroke of a pen seek to write off millions of pounds of taxpayers’ money?’

Shiplee commissioned a review from PwC on the work carried out to date and discovered that the major suppliers “were genuinely concerned to have their work done properly, support DWP and recover their reputations”.

In addition, when funding had been blocked at the end of 2012, the suppliers “had not simply downed tools but had carried on development work for almost three months” as they ran down the large teams that had been working on it.

“As a result, they had completed the development for single claimants that was being used in the pathfinder and made considerable progress on claims for couples and families. And their work, the PwC evaluation said, was of good quality.”

On time?

When alarm bells finally started ringing around Whitehall that Universal Credit was in trouble,  IDS found himself under siege. Stephen Brien says IDS was having to battle with the Treasury to keep the funding going for the project. He had to demonstrate that the programme was on time and on budget.

‘The department wanted to support him in that, and didn’t tell him all the things that were going wrong. I found out about some of them, but I didn’t push as hard as I should have. And looking back, the MPA [Major Projects Authority] meetings and the MPA reports were all handled with a siege mentality. We all felt we had to stand shoulder to shoulder defending where we were and not really using them to ask: ‘Are we where we should be?’

‘As a result we were not helping ourselves, and we certainly were not helping others, including the MPA. But we did get to the stage between the end of 2011 and the spring of 2012 where we said: ‘Okay, let’s get a red team in with the time and space to do our own challenge.’”

The DWP’s “caste” system

A new IT team was created in Victoria Street, London – away from Warrington but outside the DWP’s Caxton Street headquarters. It started to take a genuinely agile approach to the new system. One of those involved told Timmins:

“It had all been hampered by this caste system in the department where there is a policy elite, then the operational people, and then the technical people below that.

“And you would say to the operational people: ‘Why have you not been screaming that this will never work?’ And they’d say: ‘Well, we’re being handed this piece of sh** and we are just going to have to make it work with workarounds, to deal with the fact that we don’t want people to starve. So we will have to work out our own processes, which the policy people will never see, and we will find a way to make it work.’

Twin-track approach

IBM, HP and Accenture built what’s now known as the “live” system which enabled Universal Credit to get underway, and claims to be made in jobcentres.

It uses, in part, the traditional “waterfall” approach and has cost hundreds of millions of pounds. In contrast there’s a separate in-house “digital” system that has cost less than £10m and is an “agile” project.

A key issue, Shiplee told Timmins, was that the new digital team “would not even discuss the preceding work done by the DWP and its IT suppliers”. The digital team had, he says, “a messiah-like approach that they were going to rebuild everything from scratch”.

Rather than write everything off, Shiplee wanted ideally to marry the “front-end” apps that the GDS/DWP team in Victoria Street was developing with the work already done. But “entrenched attitudes” made that impossible. The only sensible solution, he decided, was a “twin-track” approach.

“The Cabinet Office remained adamant that the DWP should simply switch to the new digital version – which it had now become clear, by late summer, would take far longer to build than they anticipated – telling the DWP that the problem was that using the original software would mean ‘creating a temporary service, and temporary will become permanent’.

“All of which led to the next big decision, which, to date, has been one of the defining ones. In November 2013, a mighty and fraught meeting of ministers and officials was convened. Pretty much everyone was there. The DWP ministers, Francis Maude (Cabinet Office minister), Oliver Letwin who was Cameron’s policy overlord, Sir Jeremy Heywood, the Cabinet Secretary, Sir Bob Kerslake, the head of the home civil service, plus a clutch of DWP officials including Robert Devereux and Howard Shiplee as the senior responsible owner along with Danny Alexander and Treasury representatives.

“The decision was whether to give up on the original build, or run a twin-track approach: in other words, to extend the use of the original build that was by now being used in just over a dozen offices – what became dubbed the ‘live’ service – before the new, and hopefully much more effective, digital approach was finished and on stream.

“It was a tough and far from pleasant meeting that is etched in the memories of those who were there…

“One of those present who favoured the twin-track approach says: There were voices for writing the whole of the original off. But that would have been too much for Robert Devereux [the DWP’s Permanent Secretary] and IDS.

” So the twin-track approach was settled on – writing a lot of the original IT down rather than simply writing it off. That, in fact, has had some advantages even if technically it was probably the wrong decision…

“It has, however, seen parts of the culture change that Universal Credit involves being rolled out into DWP offices as more have adopted Universal Credit, even if the IT still requires big workarounds.

“More and more offices, for example, have been using the new claimant commitment, which is itself an important part of Universal Credit. So it has been possible to train thousands of staff in that, and get more and more claimants used to it, while also providing feedback for the new build.”

Francis Maude was among those who objected to the twin-track approach, according to leaked minutes of the project oversight board at around this time.

Lord Freud told Timmins,

‘Francis was adamant that we should not go with the live system [that is, the original build]. He wanted to kill it. But we, the DWP, did not believe that the digital system would be ready on anything like the timescales they were talking about then …But I knew that if you killed the live system, you killed Universal Credit…”

In the end the twin-track approach was agreed by a majority. But the development of the ‘agile’ digital service was immediately hampered by a spat over how quickly staff from the GDS were to be withdrawn from the project.

Fury over National Audit Office report

In 2013 the National Audit Office published a report Universal Credit – early progress –  that, for the first time, brought details of the problems on the Universal Credit programme into the public domain. Timmins’ report says that IDS and Lord Freud were furious.

“IDS and, to an only slightly lesser extent, Lord Freud were furious about the NAO report; and thus highly defensive.”

IDS tried to present the findings of the National Audit Office as purely historical.

In November 2014, the NAO reported again on Universal Credit. It once more disclosed something that ministers had not announced – that the timetable had again been put back two years (which raises further questions about why Lord Freud continues to refuse FOI requests that would put into the public domain – and inform MPs – about project problems, risks and delays without waiting for an NAO report to be published)..

Danny Alexander “cut through” bureaucracy

During one period, the Treasury approval of cash became particularly acute. Lord Freud told Timmins:

“We faced double approvals. We had approval about any contract variation from the Cabinet Office and then approvals for the money separately from the Treasury.

“The Government Digital Service got impatient because they wanted to make sure that the department had the ability to build internally rather than going out to Accenture and IBM, who (sic) they hate.

“The approvals were ricocheting between the Cabinet Office and the Treasury and when we were trying to do rapid iteration. That was producing huge delays, which were undermining everything. So in the end Danny Alexander [Lib-dem MP who was chief secretary to the Treasury] said: ‘I will clear this on my own authority.’ And that was crucial. Danny cut through all of that.”

Optimism bias

So-called optimism bias – over-optimism – is “such a common cause of failure in both public and private projects that it seems quite remarkable that it needs restating. But it does – endlessly”.

Timmins says the original Universal Credit white paper – written long before the start of the programme – stated that it would involve “an IT development of moderate scale, which the Department for Work and Pensions and its suppliers are confident of handling within budget and timescale”.

David Pitchford told Timmins,

“One of the greatest adages I have been taught and have learnt over the years in terms of major projects is that hope is not a management tool. Hoping it is all going to come out all right doesn’t cut it with something of this magnitude.

“The importance of having a genuine diagnostic machine that creates recommendations that are mandatory just can’t be overstated. It just changes the whole outcome completely. As opposed to obfuscation and optimism bias being the basis of the reporting framework. It goes to a genuine understanding and knowledge of what is going on and what is going wrong.”

Sir Bob Kerslake, who also identified the ‘good news culture’ of the DWP as being a problem, told Timmins,

“All organisations should have that ability to be very tough about what is and isn’t working. The people at the top have rose-tinted specs. They always do. It goes with the territory.

And unless you are prepared to embrace people saying that ‘really, this is in a bad place’… I can think of points where I have done big projects where it was incredibly important that we delivered the unwelcome news of where we were on that project. But it saved me, and saved my career.”

Recovery?

Timmins makes good arguments for his claim that the Universal Credit programme may be in recovery – but not recovered – and that improvements have been made in governance to allow for decisions to be properly questioned.

But there is no evidence the DWP’s “good news” culture has changed. For instance the DWP says that more than 300,000 people are claiming Universal Credit but the figure has not been audited and it’s unclear whether claimants who have come off the benefit and returned to it – perhaps several times – are being double counted.

Timmins points out the many uncertainties that cloud the future of the Universal Credit programme  – how well the IT will work, whether policy changes will hit the programme, whether enough staff will remain in jobcentres, and whether the DWP will have good relations with local authorities that are key to the delivery of Universal Credit but are under their own stresses and strains with resourcing.

There are also concerns about what changes the Scots and Northern Irish may want under their devolved powers, and the risk that any ‘economic shock’ post the referendum pushes up the volume of claimants with which the DWP has to deal.

 Could Universal Credit fail for non-IT reasons?

Timmins says,

“In seeking to drive people to higher earnings and more independence from the benefits system, there will be more intrusion into and control over the lives of people who are in work than under the current benefits system. And there are those who believe that such an approach – sanctioning people who are already working – will prove to be political dynamite.”

The dire consequences of IT-related failure

It is also worth noting that Universal Credit raises the stakes for the DWP in terms of its payment performance, says Timmins.

“If a tax credit or a Jobseeker’s Allowance payment or any of the others in the group of six go awry, claimants are rarely left penniless in the sense that other payments – for example, Housing Benefit in the case of Jobseeker’s Allowance or tax credits, – continue.

“If a Universal Credit payment fails, then all the support from the state, other than Child Benefit or disability benefits not included within Universal Credit, disappears.”

This happened recently in Scotland when an IT failure left hundreds of families penniless. The DWP’s public response was to describe the failure in Scotland as “small-scale”.

Comment

What a report.

It is easy to see how much work has gone into it. Timmins has coupled his own knowledge of IT-related failure with a thorough investigation into what has gone wrong and what lessons can be learned.

That said it may make no difference. The Institute in its “lessons” report uses phrases such as “government needs to make sure…”. But governments change and new administrations have an abundance – usually a superfluity – of confidence and ambition. They regard learning lessons from the past as putting on brakes or “nay saying”. You have to get with the programme, or quit.

Lessons are always the same

There will always be top-level changes within the DWP. Austerity will always be a factor.  The culture of denial of bad news, over-optimism about what can be achieved by when and how easily it can be achieved, over-expectations of internal capability, over-expectation of what suppliers can deliver, embarking on a huge project without clearly or fully understanding what it will involve, not listening diligently to potential users and ridiculously short timescales are all well-known lessons.

So why do new governments keep repeating them?

When Universal Credit’s successor is started in say 2032, the same mistakes will probably be repeated and the Institute for Government, or its successor, will write another similar report on the lessons to be learned.

When Campaign4Change commented in 2013 that Universal Credit would probably not be delivered before 2020 at the earliest, it was an isolated voice. At the time, the DWP press office – and its ministers – were saying the project was on budget and “on time”.

NPfIT

The National Audit Office has highlighted similar lessons to those in the Timmins report, for example in NAO reports on the NPfIT – the NHS IT programme that was the world’s largest non-military IT scheme until it was dismantled in 2011. It was one of the world’s biggest IT disasters – and none of its lessons was learned on the Universal Credit programme.

The NPfIT had an anti-bad news culture. It did not talk enough to end users. It had ludicrous deadlines and ambitions. The politicians in charge kept changing, as did some of programme leaders. There was little if any effective internal or external challenge. By the time it was dismantled the NPfIT had lost billions.

What the Institute for Government could ask now is, with the emasculation of the Government Digital Service and the absence of a powerful Francis Maude figure, what will stop government departments including the DWP making exactly the mistakes the IfG identifies on big future IT-enabled programmes?

In future somebody needs the power to say that unless there is adequate internal and external challenge this programme must STOP – even if this means contradicting a secretary of state or a permanent secretary who have too much personal and emotional equity in the project to allow it to stop. That “somebody” used to be Francis Maude. Now he has no effective replacement.

Victims

It’s also worth noting in the Timmins report that everyone seems to be a victim, including the ministers. But who are perpetrators? Timmins tries to identify them. IDS does not come out the report smelling of roses. His passion for success proved a good and bad thing.

Whether the direction was forwards or backwards IDS  was the fuel that kept Universal Credit going.  On the other hand his passion made it impossible for civil servants to give him bad news – though Timmins raises questions about whether officials would have imparted bad news to any secretary of state, given the DWP’s culture.

Neither does the DWP’s permanent secretary Robert Devereux emerge particularly well from the report.

How it is possible for things to go so badly wrong with there being nobody to blame? The irony is that the only people to have suffered are the genuine innocents – the middle and senior managers who have most contributed to Universal Credit apparent recovery – people like Terry Moran.

Perhaps the Timmins report should be required reading among all involved in future major projects. Competence cannot be made mandatory. An understanding of the common mistakes can.

Thank you to FOI campaigner Dave Orr for alerting me to the Institute’s Universal Credit reports.

Thanks also to IT projects professional John Slater – @AmateurFOI – who has kept me informed of his FOI requests for Universal Credit IT reports that the DWP habitually refuse. 

Update 18.00 6 September 2016

In a tweet today John Slater ( @AmateurFOI ) makes the important point that he asked the DWP and MPA whether either had held a “lessons learned” exercise in the light of the “reset” of the Universal Credit IT programme. The answer was no.

This perhaps reinforces the impression that the DWP is irredeemably complacent, which is not a good position from which to lead major IT projects in future.

Universal Credit – from disaster to recovery?

Learning the lessons from Universal Credit

 

Can all councils open up like this please – even Barnet?

By Tony Collins

Bitten by misfortune over its outsourcing/joint venture deal with IBM, Somerset County  Council has become more open – which seemed unlikely nearly a decade ago.

In 2007 the council and IBM formed Southwest One, a joint services company owned by IBM. The deal was characterised by official secrecy. Even non-confidential financial information on the deal was off-limits.

That’s no longer the case. Humbled a little by a failure of the outsourcing deal (including a legal action launched by IBM that cost the council’s taxpayers at least £5.9m)  local officials and their lawyers don’t automatically reach for the screens when things go wrong.

In 2014 Somerset County Council published a useful report on the lessons learnt from its Southwest One contract.

The latest disclosure is a report to the council’s audit committee meeting in June. The report focuses on the poor management and lack of oversight by some of Somerset’s officers of a range of contractor contracts. The council has 800 contracts, 87 of which are worth over £1m and some worth a lot more.

Given that the Council is committed to becoming an increasingly commissioning authority, it is likely that the total value of contracts will increase in the medium term, says the audit report by the excellent South West Audit Partnership (SWAP).

SWAP put the risk of contracts not being delivered within budget as “high”, but council officers had put this risk initially at only “medium”. SWAP found that the risk of services falling below expected standards or not delivering was “high” but, at the start of the audit assessment, council officers had put the risk at only “medium”.

somerset county council2One contract costing more than £10m a year had no performance indicators that were being actively monitored, said SWAP.

None of the contracts reviewed had an up-to-date risk register to inform performance monitoring.

No corporate contract performance framework was in place for managing contracts above defined thresholds.

“Some key risks are not well managed,” says the report.

“It is acknowledged that the Council has implemented new contract procedural rules from May 2015 which post-dates the contracts reviewed in this audit; however these procedural rules contain only ‘headline’ statements relating to contract management.

“Most notable in the audit work undertaken was the lack of consistency in terms of the approach to contract management across the contracts reviewed. Whilst good practice was found to be in place in several areas, the level of and approach to management of contracts varied greatly.

“No rationale based on proportionality, value, or risk for this variation was found to be in place. The largest contract reviewed had an annual value of over £10 million but no performance indicators were currently being actively monitored.”

Report withdrawn

Soon after the report was published the council withdrew it from its website. It says the Audit Committee meeting for 3 May has been postponed until June. It’s expected that the audit report will be published (again) shortly before that meeting.

Fortunately campaigner Dave Orr downloaded the audit report before it was taken down.

Comment

How many councils manage outsourcing and other contracts as unpredictably as Somerset but keep quiet about it?

Why, for example, have Barnet’s officers and ruling councillors not made public any full audit reports on the council’s performance in managing its contracts with Capita?

It could be that councils up and down the country are not properly managing their contracts – or are leaving it to the outsourcing companies to reveal when things go wrong.

Would that regular SWAP reports were published for every council.

All public authorities have internal auditors who may well do a good job but their findings, particularly if they are critical of the management of suppliers, are usually kept confidential.

Freedom of information legislation has made councils more open generally, as has guidance the Department for Communities and Local Government issued in 2014.

But none of this has made councils such as Barnet more open about any problems on its outsourcing deals.

Indeed clear and perceptive audit reports such as the one from SWAP are rare in the world of local government.

All of which raises the question of whether one reason some councils love outsourcing is that they can pass responsibility to suppliers for things that go wrong knowing the public may never find out the full truth because secrecy is still endemic in local government.

Thank you to Dave Orr for drawing my attention to the audit report – and its (temporary) withdrawal.

Somerset Council’s (withdrawn) Audit Committee report

Southwest One – the complete story by Dave Orr

DWP “evasive” and “selective” with information on Universal Credit programme

By Tony Collins

Has the Department for Work and Pensions put itself, to some extent, beyond the scrutiny  of Parliament on the Universal Credit IT programme?

Today’s report of the Public Accounts Committee Universal Credit progress update was drafted by the National Audit Office. All of the committee’s reports are effectively more strongly-worded NAO reports.

If the Department for Work and Pensions cannot be open with its own auditors – the National Audit Office audits the department’s annual accounts – are the DWP’s most senior officials in the happy position of being accountable to nobody on the Universal Credit IT programme?

The National Audit Office and the committee found the Department for Work and Pensions “selective or even inaccurate” when giving some information to the committee.

In answering some questions, the committee found officials “evasive”.

Today’s PAC report says:

“We remain disappointed by the persistent lack of clarity and evasive responses by the Department to our inquiries, particularly about the extent and impact of delays. The Department’s response to the previous Committee’s recommendations in the February 2015 report Universal Credit: progress update do not convince us that it is committed to improving transparency about the programme’s progress.”

On the basis of the limited information supplied by the DWP to Parliament the committee’s MPs believe that the Universal Credit has stabilised and made progress since the committee first reported on the programme in 2013, but there “remains a long way to go”.

So far the roll-out has largely involved the simplest of cases, and the ineligibility list for potential UC claimants is long.  By 10 December 2015, fewer than 200,000 people were on the DWP’s UC “caseload” list.

The actual number could be far fewer because the exact number recorded by the DWP by 10 December 2015 (175, 505)  does not include people whose claims have terminated because they have become ineligible by for example having capital more than £16,000 or earning more so that their benefits are reduced to zero.

The plan is to have more than seven million on the benefit, and the timetable for completion of the roll-out has stretched from 2017 originally to 2021,  although some independent experts believe the roll-out will not complete before 2023.

Meanwhile the DWP appears to be controlling carefully the information it gives to Parliament on progress. The committee accuses the DWP in today’s report of making it difficult for Parliament and taxpayers to hold the department to account. Says the report,

“The programme’s lack of clear and specific milestones creates uncertainty for claimants, advisers, and local authorities, and makes it difficult for Parliament and taxpayers to hold the Department to account.”

These are more excerpts from the report:

“In February 2015 the previous Committee of Public Accounts published Universal Credit: progress update … The Department accepted the Committee’s recommendations.

“However, we felt that the Department’s responses were rather weak and lacked specifics, and we were not convinced that it is committed to ensuring there is real clarity on this important programme’s progress.

“As a result, we recalled both the Department and HM Treasury to discuss a number of issues that concerned us, particularly around the business case, the continuing risks of delay, and the lack of transparency and clear milestones.

“Recommendation: The Department should set out clearly how it is tracking the costs of continuing delays, and who is responsible for ensuring benefits are maximised.

“The Department does not publish accessible information about plans and milestones and we are concerned by the lack of detail in the public domain about its expected progress.

“For proper accountability, this information should be published so that the Committee, the National Audit Office and the general public can be clear about progress…

“… the Department did not acknowledge that the slower roll-out affects two other milestones, because it delays the date when existing claimants start to be moved onto Universal Credit and reduces the number of Universal Credit claimants at the end of 2019.

“The flexible adaptation of milestones to circumstances is sensible, but the Department should be open about when this occurs and what the effects are. Instead, the Department’s continued lack of transparency makes it very difficult for us and the public to understand precisely how its plans are shifting.

“Claimants need to know more than just their benefits will change ‘soon’; local authorities need time to prepare additional support; and advisers need to be able to help people that come to them with concerns…

“Recommendation: By May 2016, the Department should set out and report publicly against a wider set of clearly stated milestones, based on ones it currently uses as internal measures, including plans for different claimant groups, local authority areas and for the development and use of new systems. We have set out the areas we expect these milestones to cover in an appendix to this report…

“The Department was selective or even inaccurate when highlighting the findings of its evaluation to us.”

The DWP has two IT projects to deliver UC, one based on its existing major suppliers delivering systems that integrate the simplest of new claims with legacy IT.

The other and more promising solution is a far cheaper “digital service” that is based on agile principles and is, in effect, entirely new IT that could eventually replace legacy systems. It is on trial in a small number of jobcentres.

The DWP’s slowly slowly approach to roll-out means it is reluctant to publish milestones, and it has reached only an early stage of the business case. The final business case is not expected before 2017 and could be later.

The committee has asked the DWP to be more transparent over the business case. It wants detail on:

  • Projected spending, including both investment and running costs for:
  • Live service (split between ‘staff and non staff costs’ and ‘external supplier costs’)
  • Digital service (split between ‘staff and non staff costs’ and ‘external supplier costs’)
  • Rest of programme (split between ‘staff and non staff costs’ and ‘External supplier costs’)
  • Net benefits realised versus forecasts.

Meanwhile the DWP’s response to those who criticise the slow roll-out is to give impressive statistics on the number of jobcentres now processing UC claims, without acknowledging that nearly all of them are processing only the simplest of claims.

Comment

To whom is the DWP accountable on the Universal Credit IT programme? To judge from today’s report it is not the all-party Public Accounts Committee or its own auditors the National Audit Office.

No government has been willing to force Whitehall departments to be properly accountable for their major IT-enabled projects or programmes. Sir Humphrey remains in control.

The last government with Francis Maude at the helm at the Cabinet Office came close to introducing real reforms (his campaign began too forcefully but settled into a good strategy of pragmatic compromise) but his departure has meant that open government and greater accountability for central departments have drifted into the shadows.

The DWP is not only beyond the ability of Parliament to hold it accountable it is spending undisclosed of public money sums on an FOI case to stop three ageing reports on the Universal Credit IT programme being published. The reports are nearly four years old.

Would that senior officials at the DWP could begin to understand a connection between openness and Lincoln’s famous phrase “government of the people, by the people, for the people”.

Public Accounts Committee report Universal Credit, progress update

DWP gives out “selective” information on welfare reform even to its auditors (a similar story in 2015)

Department for Work and Pensions “evasive” – Civil Service World (This article is aimed at its readers who are mostly civil servants. It is likely it will find favour with senior DWP IT staff who will probably mostly agree with the Public Accounts Committee’s view that the DWP hierarchy is, perhaps because of culture, evasive and selective with the information it gives to Parliament and the public.)

 

Are councillors in Somerset ignoring the wisdom of their auditors?

By Tony Collins

It’s good to see auditors in local government doing their job well  – not accepting verbal assurances and seeking proof that all is well with an outsourced system .

But what if councillors apply a lower standard – and accept verbal assurances without checking them?

A  strong report by the South West Audit Partnership [SWAP] went to councillors at Somerset County Council’s Audit Committee on 2 July 2015. The report was about problems with an outsourced system, the Adults Integrated Solution [AIS].

Although not the original supplier, IBM has provided AIS to Somerset County Council under a 10-year outsourcing contract/joint venture – Southwest One –  that was signed in 2007.

The SWAP report said limited progress has been made in implementing the AIS-related recommendations from its 2012-2013 audit report. It added that:

– AIS performance and response times could be “less than adequate for users’ needs”.

– Southwest One was unwilling to develop a service level agreement specifically for the AIS application.

– “Poor response time has led to the disabling of enhanced audit trails/logs that would make it possible to trace and attribute user activity in the system.” SWAP added that this was “worrying” given that the data involved was “sensitive and personal”.

– SWAP had been refused access to the contract between IBM and Northgate, the original supplier of AIS.

Are verbal assurances worth anything?

Having studied AIS from time to time over 2 years, and spoken to its users, SWAP’s auditors have been reluctant, on some of their concerns, to accept verbal assurances that all is well.

When they have sought documentary evidence to support assurances it hasn’t always been forthcoming.

SWAP said in its latest report:

“Verbal assurances were provided that the ToR for AIS Programme Board had been reviewed and that roles and responsibilities in relation to system ownership had been clarified. However, no evidence was provided to support these assurances.”

Now Somerset’s audit committee has done what its auditors wouldn’t do and has accepted verbal assurances that all is well with AIS.

SWAP’s auditors had expressed a multitude of concerns about AIS. But Somerset’s officers verbally assured audit committee councillors that a single upgrade had solved all the problems.

One officer, in a statement, told Dave Orr, a Somerset resident who campaigns for openness over IBM’s relationship with the council:

“I can confirm that all of the fundamental issues raised through the [SWAP] Audit Report [on AIS] have now been addressed…

“The AIS application is one of the top systems used by local authorities for social care services in the UK. The performance issues referred to in the Audit Report were resolved by a system upgrade.”

Comment:

It’s difficult if not impossible to see how a single upgrade could address all the points SWAP made – such as the lack of a service level agreement to cover AIS or the refusal by IBM to supply a copy of its contract with Northgate.

Whenever auditors produce a hard-hitting report there will be 2 opposing sides: defenders of what’s being criticised and the auditors.

It is up to the auditors to cut through any dissimulation, obfuscation and prevarication to identify what’s going well, what isn’t, and what the uncertainties and risks are.

Auditors would not be doing their job if they always accepted verbal assurances at face value.

But what if auditors are undermined by councillors who readily accept verbal assurances from their officers who wish to defend the suppliers?

A supplier that doesn’t have to provide documentary evidence can say anything in defence of its systems and the quality of service.

Somerset’s councillors are lucky to have auditors as independently-minded as SWAP.

It’s unlikely that SWAP would accept at face value the Somerset officer’s suggestion that because AIS is widely used it’s unlikely to be a poor system.

This would be like Ford saying a particular Mondeo is unlikely to be at fault because thousands of people happily own one.

Every IT installation is different, even if the main software package is widely used. The hardware, network configuration, load on the network, facilities and interfaces installed will render every IT installation unique.

It’s conceivable that every council client of AIS could have a trouble-free service except Somerset.

Are the council’s audit committee councillors gullible to accept verbal assurances about the problems with AIS being solved without requiring proof?

Where does this leave the 775 users of Somerset’s AIS, many of whom may be having to do difficult work in managing vulnerable adults while trying to cope with what may be one of the UK’s worst outsourced systems?

Thank you to Dave Orr for providing information that made this post possible.

Pity the 775 users who use this outsourced council system?

SWAP report on AIS for Somerset County Council’s Audit Committee 2 July 2015

SWAP 2012-2013 audit report on AIS

 

 

Pity the 775 users who use this outsourced council system?

By Tony Collins

Adult care systems are a cinderella IT service for councils.

It’s rare for journalists to write about them, for good or ill, perhaps because they help council staff deal with vulnerable adults. Such systems help with payments to care home and hospice providers. They help staff organise facilities for adults with learning disabilities or dementia, and respite care for adults at risk of abuse.

One such system has 775 users in Somerset. It’s a “critical” application according to the county council there.  The Adults Integrated Solution was originally supplied by Northgate. The system became IBM’s responsibility under a 10-year outsourcing and joint venture, Southwest One.

The latest in a series of excellent reports on the system’s enduring problems by auditors the South West Audit Partnership goes to Somerset County Council’s Audit Committee today (2 July 2015).

How bad is bad?

The report says the system’s response times have been so poor  that audit trails and logs have been disabled. So how can IBM and the council trace and attribute user activity in the system – particularly one handling sensitive and personal data?

The report says this disabling of the audit trial and logs is “worrying”.

Auditors reported on the system’s weaknesses in their 2012/2013 audit report.  Since then there has been only “limited progress” in implementing recommendations, says today’s report.

On some of their priority recommendations, auditors say they have been unable to obtain documentary evidence to support implementation. They have received verbal assurances – but they remain concerned.

The report says that AIS performance and response times “can still be less than adequate for users’ needs” and IBM is unwilling to develop a service level agreement specifically for the AIS application.

Indeed IBM has refused to give the county council a copy of the AIS contract with Northgate and it was not made available to the South West Audit Partnership for its audit of the system.

This may prompt councillors to ask how the council can properly manage a critical application if it has no control over the system or the outsourcer.

Repeated audit reports on the problems appear to have left matters unresolved.

Below are some of the concerns of the South West Audit Partnership as mentioned in its 2012/2013 audit report. It reports today that it has received only “partial” assurances that these problems have been solved.

Applications could be unavailable a month or more

Said the South West Audit Partnership: “We have identified in previous audit reports that there is no tested IT disaster recovery strategy. This is a strategy that would be put into effect in the event the Somerset County Council data centre was unavailable for any reason. Although a contract has been signed with Adam Continuity, applications could still be unavailable for a month or even more.”

No formally-named business system owner

“As of November 2014, Helen Wakeling (AIS System Owner) has left Somerset County Council. The responsibility of AIS system ownership needs to be reassigned and formalised.”

Payments to care providers not properly checked?

“… there does not appear to be a process to ensure payments are authorised, appropriate, complete and accurate…

 

IBM has no contractual duty to provide a good system

“There is no contractual requirement or service level for Southwest One [IBM] to provide a platform that delivers performance and response time that is acceptable to ASC [Adult Social Care] Operations.”

Data validation?

“Data quality in AIS data is undermined by the lack of robust input validation within the AIS application.

“Client records can be created with a minimum of information. Key personal identifiers such as data of birth, NI number and NHS number do not need to be entered and this both increases the risk of duplicate records and provides less data with which to identify those that have been created…”

Is IBM hiding AIS contract from the council?

“Southwest One currently owns the contract with Northgate and would not provide SWAP with a copy. As a result SWAP [South West Audit Partnership] was not able to evaluate Northgate’s compliance with the terms of the contract including licensing requirements…”

Personal data at risk?

“It was noted that developers have access to the production environment, unmasked live production data is used by developers and vendors for testing purposes and desktops are not locked down.”

Potential for fraud?

“In addition the authorise function, a security feature available in AIS has not been implemented resulting in all authorisations occurring outside of AIS. As a result data loss, potential corruption of data, incorrect and potentially fraudulent use of the application, missed, inappropriate or additional payments, will not be identified and acted upon.”

Corrupt data?

“In spite of a recent security incident that appeared to result in some data corruption, there is no reporting in place or review of user, super user or generic user access for appropriateness.”

Can former staff still log on?

“Terminated users were identified with valid AIS access credentials. Just less than 10% of managers with access were found to be no longer employed. In addition user ids are not disabled after not being used for a period of time.”

Unattended screens?

“The time-out for the application is 1 hour. Although users typically leave the application on and lock the screen when they go out to lunch, this process is inefficient, leaving sessions unavailable for others and insecure, since the user could forget to lock their screen and allow bypass of all security.”

System security?

“We also identified in our capacity management audit that desktop lock-down is not in effect and as a result AIS data can be downloaded and copied to USB flash storage. SWAP recommended data security policies be developed and implemented …”

**

Dave Orr who has followed events at Somerset closely since the county council signed the Southwest One contract in 2007 has written to audit committee councillors about the AIS system.

One of his questions is how the council could have transferred a critical application to IBM without its being protected by any specific service level agreement.

Orr says: “I do not believe that an in-house IT service, with a head of IT in the direct employ of this council, would be allowed to leave these serious shortcomings in performance, audit logging and disaster recovery unaddressed.”

Comment

So much for the claims back in 2007, when the council and IBM formed Southwest One, that the services would be “beyond excellence”.

If this is the worst outsourced system in the UK where does that leave the 775 council users who no doubt are trying to do their best for the vulnerable adults in their community?

Thank you to Dave Orr for providing the information on which this article is based.

Universal Credit at “amber/red” says latest DWP report

By Tony Collins

The Major Projects Authority, which is part of the Cabinet Office’s Efficiency and Reform Group, has today published its annual report on 188 projects including Universal Credit, about which it makes only positive comments.

But the authority’s annual report is, it appears, economical with the actualité. At the same time as the MPA published the report, the Department for Work and Pensions published a spreadsheet with statistics and its own narrative on the state of its major projects including the Universal Credit programme.

The spreadsheet said that the UC programme had an “amber/red” rating – but neither the MPA nor the Department for Work and Pensions has given the MPA’s reasons for the rating.

At the request of permanent secretaries the MPA has agreed not to publish its comments on the traffic light status of certain projects, including Universal Credit. The MPA and the Cabinet Office have agreed to allow officials in each departmental to give their own narrative to explain the traffic light status of their projects.

So the DWP, on its website, gives a summary of the state of its major projects, but its narrative on Universal Credit says nothing about the programme’s problems. Neither is there any of the MPA’s recommendations which related to the “amber/red” rating.

In a further shrinking from openness, the MPA and Cabinet Office have agreed with permanent secretaries that the traffic light status of major projects will be published only when they are out of date. So the “amber/red” rating on Universal Credit, although published today, is dated September 2014.

Comment

It is odd in a modern democracy that a large central government department – the DWP – can spend £330m on the IT for a major project and get away with publishing such obviously contradictory information on the scheme.

On the one hand the MPA, the Cabinet Office and the DWP publish only positive comments about progress on the Universal Credit programme.

These are some of the MPA’s comments on Universal Credit:

“Delivery remains on track against plans announced in September 2014. Additionally the Programme has brought forward testing of initiatives from which the programme can learn including the:

• Continued trialling of Universal Support in partnership areas to ensure the right integrated local foundations are in place to support UC expansion.

• Extending In work progression trials to help households increase their earnings once they have found work. • Extending the role of UC Work Coaches to engage with households at their work search interview to assess financial capability.”

Similarly the DWP’s comments in its spreadsheet on the status of its major projects reads like a government press release. Why was one of the government’s major projects – the whole life project costs of UC are estimated at £15.8bn – given an amber/red status?

We don’t know. Except we know that the MPA gives an amber/red rating when it regards a programme as not on track – a programme that needs an assurance and action plan to improve confidence in delivery. Why is the programme not on track? What does the assurance and action plan say? What is the rating today?

So much for open government. Indeed the DWP’s external lawyers are going to an FOI tribunal in London next month as part of a long legal battle to stop four old reports on Universal Credit being published.

Any ministerial announcements about open government in future should, perhaps, take this unedifying FOI episode into account.

Major Projects Authority annual report 2014/2015