Category Archives: IBM

Days from taking back outsourced IT, Somerset Council is unsure what it’ll find

By Tony Collins

Facing the TV cameras, officials at Somerset County Council spoke with confidence about the new joint venture company they had set up with the “world-class” IT supplier IBM.

“The contract has to succeed; we will make it succeed, ” a senior official said at the time. Greater choice for residents, more control, sustained improvement of services, improved efficiency, tens of millions in savings and enhanced job prospects for staff.

These were some of the promises in 2007.

Since then, Somerset County Council has been through a costly legal dispute with IBM; projected savings have become losses, and Somerset is days away from taking back the service early.

Now the council faces new IT-related risks to its reputation and finances, warns a team of auditors.

In several audit reports on the exit arrangements, auditors warn of a series of uncertainties about:

  •  what exactly IT assets the council will own as of 1 December 2016, when the joint venture hands back IT and staff.
  • how much software may not be licensed, therefore being used illicitly.
  • how much software is being paid for without being needed or used, wasting council tax money.
  • whether thousands of pieces of hardware have been disposed of securely over the years of the contract, or whether confidential data could later turn up in the public domain.
  • the accuracy of some supplied information. “… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four” said auditors.

Comment

That Somerset County Council laments setting up the Southwest One joint venture with IBM is not new. What continues to surprise is the extent of the difficulties of ending the joint venture cleanly – despite months, indeed more than a year – of preparatory work.

The realty is that uncertainties and risks abound.

When IT journalists ask leading councillors and officers at the start of outsourcing/joint venture deals whether all the most potentially serious risks have been given proper consideration, the spokespeople inevitably sound supremely confident.

If things go wrong, they are sure the council will be able to take back the service under secure arrangements that have been properly planned and written into the contract.

Yet today some of the most potentially serious risks to Somerset’s finances and reputation come from continuing threats such as the possibility confidential data being found on old hardware not securely disposed of.

Or the council may be paying for unneeded software licences.

In short Somerset County Council is taking back the IT service on 1 December 2016 without being certain what it will find.

In future, therefore, when councillors and officials across the country talk with supreme confidence at the start of an outsourcing deal or joint venture about large savings, sustained efficiencies, and a step-change improvement in services that comes with the benefits of collaborating with a world-class private-sector partner, local residents will have every right to be deeply sceptical.

For the reality is more likely to be that the council and its world-class supplier are about to embark on a journey into the unknown.

Thank you to campaigner Dave Orr for alerting me to the council audit reports that made this post possible.

TV broadcast in 2007 days after the council and IBM signed the Southwest One joint venture deal.

**

Excerpts from reports due to be considered by Somerset County Council’s Audit Committee next week (29 November 2016):

“… laptops, servers, storage devices, networking equipment, etc.) have been disposed of without the correct documentation historically, throughout the term with SWO [Southwest One]. There is a high likelihood that without the documentation to show that SWO were meant to have previously disposed of any specific data baring assets in a compliant manner then subsequent fines and loss of reputation will need to be dealt with by the Council.

“This is being addressed as part of the exit works but initial investigations show an expected lack of documentation.

**

“The quality of asset management and therefore exposure to risk (over and above this inherited risk) is expected to improve significantly once asset management returns to SCC [Somerset County Council).”

**

“Asset locations have been updated and improved though there are still issues regarding all asset details not being recorded accurately in the Asset Register. There is a risk that if wrong details are recorded against an asset then incorrect decisions could be made regarding these assets which may in turn cause the Council financial loss and/or loss of reputation.”

**

“… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four.”

**

“Software assets are now included in the monthly asset register report though the information collected and lack of correlation to meaningful license information means the original risk is not fully mitigated.

“This continued lack of software asset usage information against licensing proof of entitlement as well as the obvious risk of illegally using non licensed software there is also a risk that the Council is wasting public funds and Council officer’s time to manage unnecessary software. This means the Council will not be able to show “Best Value” in these purchases which could lead to fines being imposed by Central Government and loss of reputation by the inefficiencies being reported in the media.”

**

“I cannot though see evidence of the warranty & support arrangements being recorded or accurate recording of end of life assets. Due to a lack of or incorrect detail on the asset information there is the risk of incorrect decisions being made regarding an asset’s usage which could then lead to loss of money or reputation for the Council.”

MPs to debate Capita NHS contract today

By Tony Collins

In the House of Commons today MPs will debate the Capita Primary Care Support Services contract.

It has been secured by Coventry North West MP Geoffrey Robinson, who wants GPs to be compensated for the failures arising from the outsourcing contract.

The debate comes a day after the BBC reported that “more than 9,000 patients’ records in Norfolk, Suffolk and Essex have gone missing” since Capita took on the task of transferring files.

As part of its contract Capita took on the job of transferring patients’ records, when people move from one GP to another.

A BBC survey of 78 GP practices showed that 9,009 records had been missing for more than two months.

Capita told the BBC it did not “recognise these claims”.

An NHS England spokesman said, “We know there have been serious issues with services delivered by Capita which have had an unacceptable impact on practices. We are ensuring Capita takes urgent steps to improve services.”

Patients “at risk”

Paul Conroy, a practice manager in Essex, has started a House of Commons petition on the delays, which has been signed by more than 3,000 people. It calls for an inquiry into the Capita contract and the impact it has had on GP practices.

“GPs rely on that full medical history in order to make key clinical decisions on patient care,” he said.

“If they can’t get hold of that physical record there could be vital information there could be vital information that puts a patient at risk.”

James Dillon, director of Practice Index – an organisation bringing together practice managers – told the BBC,

“GP practices are getting more and more frustrated by the missing patient records.

“Not only is this debacle putting the health of their patients at risk, it is putting added pressure on already stretched practices.”

In a statement, Capita said it had taken on the “challenging initiative” to streamline GP support services and there had been “teething problems”.

“[But] medical records are now being delivered securely up to three times faster than under the previous system,” it said.

“We do not recognise these claims regarding thousands of files being missing whatsoever.

“We request and move on average 100,000 files a week from multiple sites including GP surgeries and also third party run storage facilities which are contracted and managed by NHS England.”

GP magazine Pulse quoted MP Geoffrey Robinson as saying that the secretary of state should intervene directly “as this is extremely dangerous”. Robinson said that some medical records are not being delivered at all, or delivered late or delivered to the wrong practices.

Dr Richard Vautrey, deputy chairman of the British Medical Association’s GP Committee said that the problems arising from the outsourcing contract “are directly impacting on the ability of many GPs to provide safe, effective care to their patients in the area”.

He said, “They are in some cases being left without the essential information they need to know about a new patient and the tools to treat them.”

In August 2016, NHS England published the results of a User Satisfaction Survey of primary care support services over the previous six months. Only 21% of GPs were satisfied with the outsourced service, giving it an average overall score of 2.91 out of 10.

Lunacy?

An anonymous GP told Pulse how the problems are affecting him. He refers to the “performers list” that assures the public that GPs are suitably qualified, have up to date training, have appropriate English language skills and have passed other relevant checks such as with the Disclosure and Barring Service and the NHS Litigation Authority.

Said the GP,

“I moved 12 months ago and still haven’t been able to transfer performers list. I am 6 months late for my appraisal and unemployable except for my current salaried job as a result.

” It would have been easier to emigrate. The department responsible for the performers list at Capita is uncontactable except via a national email that isn’t responded to and a phone line that isn’t able to put you through to anyone.

“… As it is it’s virtually impossible to move region if you a UK GP. I am basically a slave bonded to a geographical region, forbidden to move house and work anywhere else other than short periods. Totally at the mercy of a faceless uninterested bureaucracy incapable of helping. Lunacy and utterly depressing. Why the hell did I become a GP? I curse the day.”

“I urgently need my medical records”

A patient who wrote to Campaign4Change said,

“My medical records were requested at the beginning of June 2016 when I changed to another health centre about 2 miles away.

“[I] phoned Capita today and was told there was no record of this request and to get my solicitor to contact them. Then they put the phone down. I don’t have and cannot afford a solicitor.

“I urgently need my medical records with my new doctor and am feeling helpless and extremely stressed by this.”

Pulse magazine reported yesterday (7 November 2016) the results of a snapshot survey of 281 GP practices carried out by the BMA’s GP Committee. It found:

  • 31% of practices had received incorrect patient records;
  • 28% failed to receive or have records collected from them on the date agreed with Capita;
  • 58% reported that new patient registrations were not processed within the required three days.
  • 81% of urgent requests for records were not actioned within three weeks.

GP practices also noted a reduction in the number of incorrect payments and fewer delays in registrations of the “performers list”.

Comment

It would be a pity if MPs today, in criticising Capita, lost sight of the bigger picture: how such outsourcing deals are considered and awarded.

The root of the problem is that before the contract is awarded officials concentrate their attention on the minutiae of the benefits: exactly how much will be saved, and how this will be achieved.

Pervading the pre-contract literature and discussions are the projected savings. This is understandable but wrong.

It’s understandable because it’s the projected savings that justify the sometimes-exciting time and effort that go into the pre-contract negotiations and discussions.

Large amounts of money are at stake. For officials, the pre-contract work can be a euphoric time – certainly more interesting than the day-to-day routine.

But what happens to negotiation and discussion of risk?

Risk is a table or two at the back of the reports. It’s a dry, uninspiring vaguely technical and points-scoring analysis of the likelihood of adverse events and the seriousness of the consequences materialising.

Sometimes the most serious risks are highlighted in red. But there’s always a juxtaposed “mitigation” strategy that appears to reassure. Indeed it appears to cancel out any reason for concern.

Risk is mentioned at the back of the internal pre-contract because it’s a cultural anathema. It’s the equivalent of visits by Building Regulations inspectors at a theme park under construction.

Who wants to talk about risk when a contract worth hundreds of millions of pounds is about to be awarded?

A bold official may dare to point out the horror stories arising from previous outsourcing contracts. That hapless individual will then be perceived by the outsourcing advisory group to have a cloud over his or her head. Not one of us.

And the horror stories will be dismissed by the officer group as the media getting it wrong as usual. The horror stories, it will be explained, were in fact successes.

Even when big public sector outsourcing deals end in a legal action between the main parties, officials and the supplier will later talk – without explanation or detail or audited accounts –  of the contract’s savings and overall success.

We’re seeing this on the Southwest One outsourcing/joint venture contract.

No doubt some will claim the GP contract support contract is a success. They’ll describe problems as teething. Marginalise them. And later, when it comes to the awarding of future contracts, supporters of the GP outsourcing contract will be believed over the critics.

And so the cycle of pre-contract outsourcing euphoria and post-contract rows over failure will be repeated indefinitely.

It would be of more use if MPs today debated the role of NHS England in the award of the GP support contract.

Blaming Capita will do little good. The supplier will face some minor financial penalties and will continue to receive what it is contractually due.

Countless National Audit Office reports show how contracts between the public and private sectors, when it comes to the crunch, strongly protect the supplier’s interests. The public sector doesn’t usually have a leg to stand on.

A focus today on Capita would be a missed opportunity to do some lasting good.

NHS England letter on Capita contract – September 2016

Capita NHS contract under scrutiny after “teething” problems – June 2016

GPs decry Capita’s privatised services as shambles – The Guardian

Did NHS England consider us in the Capita take-over?

NHS England vows to hold Capita to account

Capita mistakenly flags up to 15% of GP practice patients for removal  

Capita primary care support service performance “unacceptable”

 

 

 

Excellent reports on lessons from Universal Credit IT project published today – but who’s listening?

By Tony Collins

“People burst into tears, so relieved were they that they could tell someone what was happening.”

The Institute for Government has today published one of the most incisive – and revelatory – reports ever produced on a big government IT project.

It concludes that the Universal Credit IT programme may now be in recovery after a disastrous start, but recovery does not mean recovered. Much could yet floor the programme, which is due to be complete in 2022.

The Institute’s main report is written by Nick Timmins, a former Financial Times journalist, who has written many articles on failed publicly-funded IT-based projects.

His invaluable report, “Universal Credit – from disaster to recovery?” – includes interviews with David Pitchford, a key figure in the Universal Credit programme, and Howard Shiplee who led the Universal Credit project.

Timmins also spoke to insiders, including DWP directors, who are not named, and the former secretary of state at the Department for Work and Pensions Iain Duncan Smith and the DWP’s welfare reform minster Lord Freud.

Separately the Institute has published a shorter report “Learning the lessons from Universal Credit which picks out from Timmins’ findings five “critical” lessons for future government projects. This report, too, is clear and jargon-free.

Much of the information on the Universal Credit IT programme in the Timmins report is new. It gives insights, for instance, into the positions of Universal Credit’s major suppliers HP, IBM, Accenture.

It also unearths what can be seen, in retrospect, to be a series of self-destructive decisions and manoeuvres by the Department for Work and Pensions.

But the main lessons in the report – such as an institutional and political inability to face up to or hear bad news – are not new, which raises the question of whether any of the lessons will be heeded by future government leaders – ministers and civil servants – given that Whitehall departments have been making the same mistakes, or similar ones, for decades?

DWP culture of suppressing any bad news continues

Indeed, even as the reports lament a lack of honesty over discussing or even mentioning problems – a “culture of denial” – Lord Freud, the minister in charge of welfare reform, is endorsing FOI refusals to publish the latest risk registers, project assessment reviews and other Universal Credit reports kept by the Department for Work and Pensions.

More than once Timmins expresses his surprise at the lack of information about the programme that is in the public domain. In the “acknowledgements” section at the back of his report Timmins says,

“Drafts of this study were read at various stages by many of the interviewees, and there remained disputes not just about interpretation but also, from some of them, about facts.

“Some of that might be resolvable by access to the huge welter of documents around Universal Credit that are not in the public domain. But that, by definition, is not possible at this stage.”

Churn of project leaders continues

Timmins and the Institute warn about the “churn” of project leaders, and the need for stable top jobs.

But even as the Institute’s reports were being finalised HMRC was losing its much respected chief digital officer Mark Dearnley, who has been in charge of what is arguably the department’s riskiest-ever IT-related programme, to transfer of legacy systems to multiple suppliers as part of the dismantling of the £8bn “Aspire” outourcing venture with Capgemini.

Single biggest cause of Universal Credit’s bad start?

Insiders told Timmins that the fraught start of Universal Credit might have been avoided if Terry Moran had been left as a “star” senior responsible owner of the programme. But Moran was given two jobs and ended up having a breakdown.

In January 2011, as the design and build on Universal Credit started, Terry Moran was given the job of senior responsible owner of the project but a few months later the DWP’s permanent secretary Robert Devereux took the “odd” decision to make Moran chief operating officer for the entire department as well. One director within the DWP told Timmins:

“Terry was a star. A real ‘can do’ civil servant. But he couldn’t say no to the twin posts. And the job was overwhelming.”

The director claimed that Iain Duncan Smith told Moran – a point denied by IDS – that if Universal Credit were to fail that would be a personal humiliation and one he was not prepared to contemplate. “That was very different from the usual ministerial joke that ‘failure is not an option’. The underlying message was that ‘I don’t want bad news’, almost in words of one syllable. And this was in a department whose default mode is not to bring bad news to the top. ‘We will handle ministers’ is the way the department operates…”

According to an insider, “Terry Moran being given the two jobs was against Iain’s instructions. Iain repeatedly asked Robert [Devereux] not to do this and Robert repeatedly gave him assurances that this would be okay” – an account IDS confirms. In September 2012, Moran was to have a breakdown that led to early retirement in March 2013. He recorded later for the mental health charity Time to Talk that “eventually, I took on more and more until the weight of my responsibilities and my ability to discharge them just grew too much for me”.

Timmins was told, “You cannot have someone running the biggest operational part of government [paying out £160bn of benefits a year] and devising Universal Credit. That was simply unsustainable,”

Timmins says in his report, “There remains a view among some former and current DWP civil servants that had that not happened (Moran being given two jobs), the programme would not have hit the trouble it did. ‘Had he been left solely with responsibility for UC [Universal Credit], I and others believe he could have delivered it, notwithstanding the huge challenges of the task,’ one says.”

Reviews of Universal IT “failed”

Timmins makes the point that reviews of Universal Credit by the Major Projects Authority failed to convey in clear enough language that the Universal Credit programme was in deep trouble.

“The [Major Projects Authority] report highlighted a lack of sufficient substantive action on the points raised in the March study. It raised ‘high’ levels of concern about much of the programme – ‘high’ being a lower level of concern than ‘critical’. But according to those who have seen the report, it did not yet say in words of one syllable that the programme was in deep trouble.”

Iain Duncan Smith told Timmins that the the Major Projects review process “failed me” by not warning early enough of fundamental problems. It was the ‘red team’ report that did that, he says, and its contents made grim reading when it landed at the end of July in 2012.

Train crash on the way

The MPA [Cabinet Office’s Major Projects Authority] reviewed the programme in March 2011. “MPA reports are not in the public domain. But it is clear that the first of these flagged up a string of issues that needed to be tackled …

” In June a member of the team developing the new government’s pan-government website – gov.uk – was invited up to Warrington [base for the Universal Credit IT team] to give a presentation on how it was using an agile approach to do that.

“At the end of the presentation, according to one insider, a small number from the audience stayed behind, eyeing each other warily, but all wanting to talk. Most of them were freelancers working for the suppliers. ‘Their message,’ the insider says, ‘was that this was a train crash on the way’ – a message that was duly reported back to the Cabinet Office, but not, apparently, to the DWP and IDS.”

Scared to tell the truth

On another occasion when the Major Projects Authority visited the IT team at Warrington for the purposes of its review, the review team members decided that “to get to the truth they had to make people not scared to tell the truth”. So the MPA “did a lot of one-on-one interviews, assuring people that what they said would not be attributable. And under nearly every stone was chaos.

“People burst into tears, so relieved were they that they could tell someone what was happening.

” There was one young lad from one of the suppliers who said: ‘Just don’t put this thing [Universal Credit] online. I am a public servant at heart. It is a complete security disaster.’

IBM, Accenture and HP

“Among those starting to be worried were the major suppliers – Accenture, HP and IBM. They started writing formal letters to the department.

‘Our message,’ according to one supplier, ‘was: ‘Look, this isn’t working. We’ll go on taking your money. But it isn’t going to work’.’ Stephen Brien [then expert adviser to IDS] says of those letters: ‘I don’t think Iain saw them at that time, and I certainly didn’t see them at the time.”

At one point “serious consideration was given to suing the suppliers but they had written their warning letters and it rapidly became clear that that was not an option”.

Howard Shiplee, former head of the project, told Timmins that he had asked himself ‘how it could be that a very large group of clever people drawn from the DWP IT department with deep experience of the development and operation of their own massive IT systems and leading industry IT suppliers had combined to get the entire process so very wrong? Equally, ‘how could another group of clever people [the GDS team] pass such damning judgement on this earlier work and at the stroke of a pen seek to write off millions of pounds of taxpayers’ money?’

Shiplee commissioned a review from PwC on the work carried out to date and discovered that the major suppliers “were genuinely concerned to have their work done properly, support DWP and recover their reputations”.

In addition, when funding had been blocked at the end of 2012, the suppliers “had not simply downed tools but had carried on development work for almost three months” as they ran down the large teams that had been working on it.

“As a result, they had completed the development for single claimants that was being used in the pathfinder and made considerable progress on claims for couples and families. And their work, the PwC evaluation said, was of good quality.”

On time?

When alarm bells finally started ringing around Whitehall that Universal Credit was in trouble,  IDS found himself under siege. Stephen Brien says IDS was having to battle with the Treasury to keep the funding going for the project. He had to demonstrate that the programme was on time and on budget.

‘The department wanted to support him in that, and didn’t tell him all the things that were going wrong. I found out about some of them, but I didn’t push as hard as I should have. And looking back, the MPA [Major Projects Authority] meetings and the MPA reports were all handled with a siege mentality. We all felt we had to stand shoulder to shoulder defending where we were and not really using them to ask: ‘Are we where we should be?’

‘As a result we were not helping ourselves, and we certainly were not helping others, including the MPA. But we did get to the stage between the end of 2011 and the spring of 2012 where we said: ‘Okay, let’s get a red team in with the time and space to do our own challenge.’”

The DWP’s “caste” system

A new IT team was created in Victoria Street, London – away from Warrington but outside the DWP’s Caxton Street headquarters. It started to take a genuinely agile approach to the new system. One of those involved told Timmins:

“It had all been hampered by this caste system in the department where there is a policy elite, then the operational people, and then the technical people below that.

“And you would say to the operational people: ‘Why have you not been screaming that this will never work?’ And they’d say: ‘Well, we’re being handed this piece of sh** and we are just going to have to make it work with workarounds, to deal with the fact that we don’t want people to starve. So we will have to work out our own processes, which the policy people will never see, and we will find a way to make it work.’

Twin-track approach

IBM, HP and Accenture built what’s now known as the “live” system which enabled Universal Credit to get underway, and claims to be made in jobcentres.

It uses, in part, the traditional “waterfall” approach and has cost hundreds of millions of pounds. In contrast there’s a separate in-house “digital” system that has cost less than £10m and is an “agile” project.

A key issue, Shiplee told Timmins, was that the new digital team “would not even discuss the preceding work done by the DWP and its IT suppliers”. The digital team had, he says, “a messiah-like approach that they were going to rebuild everything from scratch”.

Rather than write everything off, Shiplee wanted ideally to marry the “front-end” apps that the GDS/DWP team in Victoria Street was developing with the work already done. But “entrenched attitudes” made that impossible. The only sensible solution, he decided, was a “twin-track” approach.

“The Cabinet Office remained adamant that the DWP should simply switch to the new digital version – which it had now become clear, by late summer, would take far longer to build than they anticipated – telling the DWP that the problem was that using the original software would mean ‘creating a temporary service, and temporary will become permanent’.

“All of which led to the next big decision, which, to date, has been one of the defining ones. In November 2013, a mighty and fraught meeting of ministers and officials was convened. Pretty much everyone was there. The DWP ministers, Francis Maude (Cabinet Office minister), Oliver Letwin who was Cameron’s policy overlord, Sir Jeremy Heywood, the Cabinet Secretary, Sir Bob Kerslake, the head of the home civil service, plus a clutch of DWP officials including Robert Devereux and Howard Shiplee as the senior responsible owner along with Danny Alexander and Treasury representatives.

“The decision was whether to give up on the original build, or run a twin-track approach: in other words, to extend the use of the original build that was by now being used in just over a dozen offices – what became dubbed the ‘live’ service – before the new, and hopefully much more effective, digital approach was finished and on stream.

“It was a tough and far from pleasant meeting that is etched in the memories of those who were there…

“One of those present who favoured the twin-track approach says: There were voices for writing the whole of the original off. But that would have been too much for Robert Devereux [the DWP’s Permanent Secretary] and IDS.

” So the twin-track approach was settled on – writing a lot of the original IT down rather than simply writing it off. That, in fact, has had some advantages even if technically it was probably the wrong decision…

“It has, however, seen parts of the culture change that Universal Credit involves being rolled out into DWP offices as more have adopted Universal Credit, even if the IT still requires big workarounds.

“More and more offices, for example, have been using the new claimant commitment, which is itself an important part of Universal Credit. So it has been possible to train thousands of staff in that, and get more and more claimants used to it, while also providing feedback for the new build.”

Francis Maude was among those who objected to the twin-track approach, according to leaked minutes of the project oversight board at around this time.

Lord Freud told Timmins,

‘Francis was adamant that we should not go with the live system [that is, the original build]. He wanted to kill it. But we, the DWP, did not believe that the digital system would be ready on anything like the timescales they were talking about then …But I knew that if you killed the live system, you killed Universal Credit…”

In the end the twin-track approach was agreed by a majority. But the development of the ‘agile’ digital service was immediately hampered by a spat over how quickly staff from the GDS were to be withdrawn from the project.

Fury over National Audit Office report

In 2013 the National Audit Office published a report Universal Credit – early progress –  that, for the first time, brought details of the problems on the Universal Credit programme into the public domain. Timmins’ report says that IDS and Lord Freud were furious.

“IDS and, to an only slightly lesser extent, Lord Freud were furious about the NAO report; and thus highly defensive.”

IDS tried to present the findings of the National Audit Office as purely historical.

In November 2014, the NAO reported again on Universal Credit. It once more disclosed something that ministers had not announced – that the timetable had again been put back two years (which raises further questions about why Lord Freud continues to refuse FOI requests that would put into the public domain – and inform MPs – about project problems, risks and delays without waiting for an NAO report to be published)..

Danny Alexander “cut through” bureaucracy

During one period, the Treasury approval of cash became particularly acute. Lord Freud told Timmins:

“We faced double approvals. We had approval about any contract variation from the Cabinet Office and then approvals for the money separately from the Treasury.

“The Government Digital Service got impatient because they wanted to make sure that the department had the ability to build internally rather than going out to Accenture and IBM, who (sic) they hate.

“The approvals were ricocheting between the Cabinet Office and the Treasury and when we were trying to do rapid iteration. That was producing huge delays, which were undermining everything. So in the end Danny Alexander [Lib-dem MP who was chief secretary to the Treasury] said: ‘I will clear this on my own authority.’ And that was crucial. Danny cut through all of that.”

Optimism bias

So-called optimism bias – over-optimism – is “such a common cause of failure in both public and private projects that it seems quite remarkable that it needs restating. But it does – endlessly”.

Timmins says the original Universal Credit white paper – written long before the start of the programme – stated that it would involve “an IT development of moderate scale, which the Department for Work and Pensions and its suppliers are confident of handling within budget and timescale”.

David Pitchford told Timmins,

“One of the greatest adages I have been taught and have learnt over the years in terms of major projects is that hope is not a management tool. Hoping it is all going to come out all right doesn’t cut it with something of this magnitude.

“The importance of having a genuine diagnostic machine that creates recommendations that are mandatory just can’t be overstated. It just changes the whole outcome completely. As opposed to obfuscation and optimism bias being the basis of the reporting framework. It goes to a genuine understanding and knowledge of what is going on and what is going wrong.”

Sir Bob Kerslake, who also identified the ‘good news culture’ of the DWP as being a problem, told Timmins,

“All organisations should have that ability to be very tough about what is and isn’t working. The people at the top have rose-tinted specs. They always do. It goes with the territory.

And unless you are prepared to embrace people saying that ‘really, this is in a bad place’… I can think of points where I have done big projects where it was incredibly important that we delivered the unwelcome news of where we were on that project. But it saved me, and saved my career.”

Recovery?

Timmins makes good arguments for his claim that the Universal Credit programme may be in recovery – but not recovered – and that improvements have been made in governance to allow for decisions to be properly questioned.

But there is no evidence the DWP’s “good news” culture has changed. For instance the DWP says that more than 300,000 people are claiming Universal Credit but the figure has not been audited and it’s unclear whether claimants who have come off the benefit and returned to it – perhaps several times – are being double counted.

Timmins points out the many uncertainties that cloud the future of the Universal Credit programme  – how well the IT will work, whether policy changes will hit the programme, whether enough staff will remain in jobcentres, and whether the DWP will have good relations with local authorities that are key to the delivery of Universal Credit but are under their own stresses and strains with resourcing.

There are also concerns about what changes the Scots and Northern Irish may want under their devolved powers, and the risk that any ‘economic shock’ post the referendum pushes up the volume of claimants with which the DWP has to deal.

 Could Universal Credit fail for non-IT reasons?

Timmins says,

“In seeking to drive people to higher earnings and more independence from the benefits system, there will be more intrusion into and control over the lives of people who are in work than under the current benefits system. And there are those who believe that such an approach – sanctioning people who are already working – will prove to be political dynamite.”

The dire consequences of IT-related failure

It is also worth noting that Universal Credit raises the stakes for the DWP in terms of its payment performance, says Timmins.

“If a tax credit or a Jobseeker’s Allowance payment or any of the others in the group of six go awry, claimants are rarely left penniless in the sense that other payments – for example, Housing Benefit in the case of Jobseeker’s Allowance or tax credits, – continue.

“If a Universal Credit payment fails, then all the support from the state, other than Child Benefit or disability benefits not included within Universal Credit, disappears.”

This happened recently in Scotland when an IT failure left hundreds of families penniless. The DWP’s public response was to describe the failure in Scotland as “small-scale”.

Comment

What a report.

It is easy to see how much work has gone into it. Timmins has coupled his own knowledge of IT-related failure with a thorough investigation into what has gone wrong and what lessons can be learned.

That said it may make no difference. The Institute in its “lessons” report uses phrases such as “government needs to make sure…”. But governments change and new administrations have an abundance – usually a superfluity – of confidence and ambition. They regard learning lessons from the past as putting on brakes or “nay saying”. You have to get with the programme, or quit.

Lessons are always the same

There will always be top-level changes within the DWP. Austerity will always be a factor.  The culture of denial of bad news, over-optimism about what can be achieved by when and how easily it can be achieved, over-expectations of internal capability, over-expectation of what suppliers can deliver, embarking on a huge project without clearly or fully understanding what it will involve, not listening diligently to potential users and ridiculously short timescales are all well-known lessons.

So why do new governments keep repeating them?

When Universal Credit’s successor is started in say 2032, the same mistakes will probably be repeated and the Institute for Government, or its successor, will write another similar report on the lessons to be learned.

When Campaign4Change commented in 2013 that Universal Credit would probably not be delivered before 2020 at the earliest, it was an isolated voice. At the time, the DWP press office – and its ministers – were saying the project was on budget and “on time”.

NPfIT

The National Audit Office has highlighted similar lessons to those in the Timmins report, for example in NAO reports on the NPfIT – the NHS IT programme that was the world’s largest non-military IT scheme until it was dismantled in 2011. It was one of the world’s biggest IT disasters – and none of its lessons was learned on the Universal Credit programme.

The NPfIT had an anti-bad news culture. It did not talk enough to end users. It had ludicrous deadlines and ambitions. The politicians in charge kept changing, as did some of programme leaders. There was little if any effective internal or external challenge. By the time it was dismantled the NPfIT had lost billions.

What the Institute for Government could ask now is, with the emasculation of the Government Digital Service and the absence of a powerful Francis Maude figure, what will stop government departments including the DWP making exactly the mistakes the IfG identifies on big future IT-enabled programmes?

In future somebody needs the power to say that unless there is adequate internal and external challenge this programme must STOP – even if this means contradicting a secretary of state or a permanent secretary who have too much personal and emotional equity in the project to allow it to stop. That “somebody” used to be Francis Maude. Now he has no effective replacement.

Victims

It’s also worth noting in the Timmins report that everyone seems to be a victim, including the ministers. But who are perpetrators? Timmins tries to identify them. IDS does not come out the report smelling of roses. His passion for success proved a good and bad thing.

Whether the direction was forwards or backwards IDS  was the fuel that kept Universal Credit going.  On the other hand his passion made it impossible for civil servants to give him bad news – though Timmins raises questions about whether officials would have imparted bad news to any secretary of state, given the DWP’s culture.

Neither does the DWP’s permanent secretary Robert Devereux emerge particularly well from the report.

How it is possible for things to go so badly wrong with there being nobody to blame? The irony is that the only people to have suffered are the genuine innocents – the middle and senior managers who have most contributed to Universal Credit apparent recovery – people like Terry Moran.

Perhaps the Timmins report should be required reading among all involved in future major projects. Competence cannot be made mandatory. An understanding of the common mistakes can.

Thank you to FOI campaigner Dave Orr for alerting me to the Institute’s Universal Credit reports.

Thanks also to IT projects professional John Slater – @AmateurFOI – who has kept me informed of his FOI requests for Universal Credit IT reports that the DWP habitually refuse. 

Update 18.00 6 September 2016

In a tweet today John Slater ( @AmateurFOI ) makes the important point that he asked the DWP and MPA whether either had held a “lessons learned” exercise in the light of the “reset” of the Universal Credit IT programme. The answer was no.

This perhaps reinforces the impression that the DWP is irredeemably complacent, which is not a good position from which to lead major IT projects in future.

Universal Credit – from disaster to recovery?

Learning the lessons from Universal Credit

 

Can all councils open up like this please – even Barnet?

By Tony Collins

Bitten by misfortune over its outsourcing/joint venture deal with IBM, Somerset County  Council has become more open – which seemed unlikely nearly a decade ago.

In 2007 the council and IBM formed Southwest One, a joint services company owned by IBM. The deal was characterised by official secrecy. Even non-confidential financial information on the deal was off-limits.

That’s no longer the case. Humbled a little by a failure of the outsourcing deal (including a legal action launched by IBM that cost the council’s taxpayers at least £5.9m)  local officials and their lawyers don’t automatically reach for the screens when things go wrong.

In 2014 Somerset County Council published a useful report on the lessons learnt from its Southwest One contract.

The latest disclosure is a report to the council’s audit committee meeting in June. The report focuses on the poor management and lack of oversight by some of Somerset’s officers of a range of contractor contracts. The council has 800 contracts, 87 of which are worth over £1m and some worth a lot more.

Given that the Council is committed to becoming an increasingly commissioning authority, it is likely that the total value of contracts will increase in the medium term, says the audit report by the excellent South West Audit Partnership (SWAP).

SWAP put the risk of contracts not being delivered within budget as “high”, but council officers had put this risk initially at only “medium”. SWAP found that the risk of services falling below expected standards or not delivering was “high” but, at the start of the audit assessment, council officers had put the risk at only “medium”.

somerset county council2One contract costing more than £10m a year had no performance indicators that were being actively monitored, said SWAP.

None of the contracts reviewed had an up-to-date risk register to inform performance monitoring.

No corporate contract performance framework was in place for managing contracts above defined thresholds.

“Some key risks are not well managed,” says the report.

“It is acknowledged that the Council has implemented new contract procedural rules from May 2015 which post-dates the contracts reviewed in this audit; however these procedural rules contain only ‘headline’ statements relating to contract management.

“Most notable in the audit work undertaken was the lack of consistency in terms of the approach to contract management across the contracts reviewed. Whilst good practice was found to be in place in several areas, the level of and approach to management of contracts varied greatly.

“No rationale based on proportionality, value, or risk for this variation was found to be in place. The largest contract reviewed had an annual value of over £10 million but no performance indicators were currently being actively monitored.”

Report withdrawn

Soon after the report was published the council withdrew it from its website. It says the Audit Committee meeting for 3 May has been postponed until June. It’s expected that the audit report will be published (again) shortly before that meeting.

Fortunately campaigner Dave Orr downloaded the audit report before it was taken down.

Comment

How many councils manage outsourcing and other contracts as unpredictably as Somerset but keep quiet about it?

Why, for example, have Barnet’s officers and ruling councillors not made public any full audit reports on the council’s performance in managing its contracts with Capita?

It could be that councils up and down the country are not properly managing their contracts – or are leaving it to the outsourcing companies to reveal when things go wrong.

Would that regular SWAP reports were published for every council.

All public authorities have internal auditors who may well do a good job but their findings, particularly if they are critical of the management of suppliers, are usually kept confidential.

Freedom of information legislation has made councils more open generally, as has guidance the Department for Communities and Local Government issued in 2014.

But none of this has made councils such as Barnet more open about any problems on its outsourcing deals.

Indeed clear and perceptive audit reports such as the one from SWAP are rare in the world of local government.

All of which raises the question of whether one reason some councils love outsourcing is that they can pass responsibility to suppliers for things that go wrong knowing the public may never find out the full truth because secrecy is still endemic in local government.

Thank you to Dave Orr for drawing my attention to the audit report – and its (temporary) withdrawal.

Somerset Council’s (withdrawn) Audit Committee report

Southwest One – the complete story by Dave Orr

DWP “evasive” and “selective” with information on Universal Credit programme

By Tony Collins

Has the Department for Work and Pensions put itself, to some extent, beyond the scrutiny  of Parliament on the Universal Credit IT programme?

Today’s report of the Public Accounts Committee Universal Credit progress update was drafted by the National Audit Office. All of the committee’s reports are effectively more strongly-worded NAO reports.

If the Department for Work and Pensions cannot be open with its own auditors – the National Audit Office audits the department’s annual accounts – are the DWP’s most senior officials in the happy position of being accountable to nobody on the Universal Credit IT programme?

The National Audit Office and the committee found the Department for Work and Pensions “selective or even inaccurate” when giving some information to the committee.

In answering some questions, the committee found officials “evasive”.

Today’s PAC report says:

“We remain disappointed by the persistent lack of clarity and evasive responses by the Department to our inquiries, particularly about the extent and impact of delays. The Department’s response to the previous Committee’s recommendations in the February 2015 report Universal Credit: progress update do not convince us that it is committed to improving transparency about the programme’s progress.”

On the basis of the limited information supplied by the DWP to Parliament the committee’s MPs believe that the Universal Credit has stabilised and made progress since the committee first reported on the programme in 2013, but there “remains a long way to go”.

So far the roll-out has largely involved the simplest of cases, and the ineligibility list for potential UC claimants is long.  By 10 December 2015, fewer than 200,000 people were on the DWP’s UC “caseload” list.

The actual number could be far fewer because the exact number recorded by the DWP by 10 December 2015 (175, 505)  does not include people whose claims have terminated because they have become ineligible by for example having capital more than £16,000 or earning more so that their benefits are reduced to zero.

The plan is to have more than seven million on the benefit, and the timetable for completion of the roll-out has stretched from 2017 originally to 2021,  although some independent experts believe the roll-out will not complete before 2023.

Meanwhile the DWP appears to be controlling carefully the information it gives to Parliament on progress. The committee accuses the DWP in today’s report of making it difficult for Parliament and taxpayers to hold the department to account. Says the report,

“The programme’s lack of clear and specific milestones creates uncertainty for claimants, advisers, and local authorities, and makes it difficult for Parliament and taxpayers to hold the Department to account.”

These are more excerpts from the report:

“In February 2015 the previous Committee of Public Accounts published Universal Credit: progress update … The Department accepted the Committee’s recommendations.

“However, we felt that the Department’s responses were rather weak and lacked specifics, and we were not convinced that it is committed to ensuring there is real clarity on this important programme’s progress.

“As a result, we recalled both the Department and HM Treasury to discuss a number of issues that concerned us, particularly around the business case, the continuing risks of delay, and the lack of transparency and clear milestones.

“Recommendation: The Department should set out clearly how it is tracking the costs of continuing delays, and who is responsible for ensuring benefits are maximised.

“The Department does not publish accessible information about plans and milestones and we are concerned by the lack of detail in the public domain about its expected progress.

“For proper accountability, this information should be published so that the Committee, the National Audit Office and the general public can be clear about progress…

“… the Department did not acknowledge that the slower roll-out affects two other milestones, because it delays the date when existing claimants start to be moved onto Universal Credit and reduces the number of Universal Credit claimants at the end of 2019.

“The flexible adaptation of milestones to circumstances is sensible, but the Department should be open about when this occurs and what the effects are. Instead, the Department’s continued lack of transparency makes it very difficult for us and the public to understand precisely how its plans are shifting.

“Claimants need to know more than just their benefits will change ‘soon’; local authorities need time to prepare additional support; and advisers need to be able to help people that come to them with concerns…

“Recommendation: By May 2016, the Department should set out and report publicly against a wider set of clearly stated milestones, based on ones it currently uses as internal measures, including plans for different claimant groups, local authority areas and for the development and use of new systems. We have set out the areas we expect these milestones to cover in an appendix to this report…

“The Department was selective or even inaccurate when highlighting the findings of its evaluation to us.”

The DWP has two IT projects to deliver UC, one based on its existing major suppliers delivering systems that integrate the simplest of new claims with legacy IT.

The other and more promising solution is a far cheaper “digital service” that is based on agile principles and is, in effect, entirely new IT that could eventually replace legacy systems. It is on trial in a small number of jobcentres.

The DWP’s slowly slowly approach to roll-out means it is reluctant to publish milestones, and it has reached only an early stage of the business case. The final business case is not expected before 2017 and could be later.

The committee has asked the DWP to be more transparent over the business case. It wants detail on:

  • Projected spending, including both investment and running costs for:
  • Live service (split between ‘staff and non staff costs’ and ‘external supplier costs’)
  • Digital service (split between ‘staff and non staff costs’ and ‘external supplier costs’)
  • Rest of programme (split between ‘staff and non staff costs’ and ‘External supplier costs’)
  • Net benefits realised versus forecasts.

Meanwhile the DWP’s response to those who criticise the slow roll-out is to give impressive statistics on the number of jobcentres now processing UC claims, without acknowledging that nearly all of them are processing only the simplest of claims.

Comment

To whom is the DWP accountable on the Universal Credit IT programme? To judge from today’s report it is not the all-party Public Accounts Committee or its own auditors the National Audit Office.

No government has been willing to force Whitehall departments to be properly accountable for their major IT-enabled projects or programmes. Sir Humphrey remains in control.

The last government with Francis Maude at the helm at the Cabinet Office came close to introducing real reforms (his campaign began too forcefully but settled into a good strategy of pragmatic compromise) but his departure has meant that open government and greater accountability for central departments have drifted into the shadows.

The DWP is not only beyond the ability of Parliament to hold it accountable it is spending undisclosed of public money sums on an FOI case to stop three ageing reports on the Universal Credit IT programme being published. The reports are nearly four years old.

Would that senior officials at the DWP could begin to understand a connection between openness and Lincoln’s famous phrase “government of the people, by the people, for the people”.

Public Accounts Committee report Universal Credit, progress update

DWP gives out “selective” information on welfare reform even to its auditors (a similar story in 2015)

Department for Work and Pensions “evasive” – Civil Service World (This article is aimed at its readers who are mostly civil servants. It is likely it will find favour with senior DWP IT staff who will probably mostly agree with the Public Accounts Committee’s view that the DWP hierarchy is, perhaps because of culture, evasive and selective with the information it gives to Parliament and the public.)

 

Are councillors in Somerset ignoring the wisdom of their auditors?

By Tony Collins

It’s good to see auditors in local government doing their job well  – not accepting verbal assurances and seeking proof that all is well with an outsourced system .

But what if councillors apply a lower standard – and accept verbal assurances without checking them?

A  strong report by the South West Audit Partnership [SWAP] went to councillors at Somerset County Council’s Audit Committee on 2 July 2015. The report was about problems with an outsourced system, the Adults Integrated Solution [AIS].

Although not the original supplier, IBM has provided AIS to Somerset County Council under a 10-year outsourcing contract/joint venture – Southwest One –  that was signed in 2007.

The SWAP report said limited progress has been made in implementing the AIS-related recommendations from its 2012-2013 audit report. It added that:

– AIS performance and response times could be “less than adequate for users’ needs”.

– Southwest One was unwilling to develop a service level agreement specifically for the AIS application.

– “Poor response time has led to the disabling of enhanced audit trails/logs that would make it possible to trace and attribute user activity in the system.” SWAP added that this was “worrying” given that the data involved was “sensitive and personal”.

– SWAP had been refused access to the contract between IBM and Northgate, the original supplier of AIS.

Are verbal assurances worth anything?

Having studied AIS from time to time over 2 years, and spoken to its users, SWAP’s auditors have been reluctant, on some of their concerns, to accept verbal assurances that all is well.

When they have sought documentary evidence to support assurances it hasn’t always been forthcoming.

SWAP said in its latest report:

“Verbal assurances were provided that the ToR for AIS Programme Board had been reviewed and that roles and responsibilities in relation to system ownership had been clarified. However, no evidence was provided to support these assurances.”

Now Somerset’s audit committee has done what its auditors wouldn’t do and has accepted verbal assurances that all is well with AIS.

SWAP’s auditors had expressed a multitude of concerns about AIS. But Somerset’s officers verbally assured audit committee councillors that a single upgrade had solved all the problems.

One officer, in a statement, told Dave Orr, a Somerset resident who campaigns for openness over IBM’s relationship with the council:

“I can confirm that all of the fundamental issues raised through the [SWAP] Audit Report [on AIS] have now been addressed…

“The AIS application is one of the top systems used by local authorities for social care services in the UK. The performance issues referred to in the Audit Report were resolved by a system upgrade.”

Comment:

It’s difficult if not impossible to see how a single upgrade could address all the points SWAP made – such as the lack of a service level agreement to cover AIS or the refusal by IBM to supply a copy of its contract with Northgate.

Whenever auditors produce a hard-hitting report there will be 2 opposing sides: defenders of what’s being criticised and the auditors.

It is up to the auditors to cut through any dissimulation, obfuscation and prevarication to identify what’s going well, what isn’t, and what the uncertainties and risks are.

Auditors would not be doing their job if they always accepted verbal assurances at face value.

But what if auditors are undermined by councillors who readily accept verbal assurances from their officers who wish to defend the suppliers?

A supplier that doesn’t have to provide documentary evidence can say anything in defence of its systems and the quality of service.

Somerset’s councillors are lucky to have auditors as independently-minded as SWAP.

It’s unlikely that SWAP would accept at face value the Somerset officer’s suggestion that because AIS is widely used it’s unlikely to be a poor system.

This would be like Ford saying a particular Mondeo is unlikely to be at fault because thousands of people happily own one.

Every IT installation is different, even if the main software package is widely used. The hardware, network configuration, load on the network, facilities and interfaces installed will render every IT installation unique.

It’s conceivable that every council client of AIS could have a trouble-free service except Somerset.

Are the council’s audit committee councillors gullible to accept verbal assurances about the problems with AIS being solved without requiring proof?

Where does this leave the 775 users of Somerset’s AIS, many of whom may be having to do difficult work in managing vulnerable adults while trying to cope with what may be one of the UK’s worst outsourced systems?

Thank you to Dave Orr for providing information that made this post possible.

Pity the 775 users who use this outsourced council system?

SWAP report on AIS for Somerset County Council’s Audit Committee 2 July 2015

SWAP 2012-2013 audit report on AIS

 

 

Pity the 775 users who use this outsourced council system?

By Tony Collins

Adult care systems are a cinderella IT service for councils.

It’s rare for journalists to write about them, for good or ill, perhaps because they help council staff deal with vulnerable adults. Such systems help with payments to care home and hospice providers. They help staff organise facilities for adults with learning disabilities or dementia, and respite care for adults at risk of abuse.

One such system has 775 users in Somerset. It’s a “critical” application according to the county council there.  The Adults Integrated Solution was originally supplied by Northgate. The system became IBM’s responsibility under a 10-year outsourcing and joint venture, Southwest One.

The latest in a series of excellent reports on the system’s enduring problems by auditors the South West Audit Partnership goes to Somerset County Council’s Audit Committee today (2 July 2015).

How bad is bad?

The report says the system’s response times have been so poor  that audit trails and logs have been disabled. So how can IBM and the council trace and attribute user activity in the system – particularly one handling sensitive and personal data?

The report says this disabling of the audit trial and logs is “worrying”.

Auditors reported on the system’s weaknesses in their 2012/2013 audit report.  Since then there has been only “limited progress” in implementing recommendations, says today’s report.

On some of their priority recommendations, auditors say they have been unable to obtain documentary evidence to support implementation. They have received verbal assurances – but they remain concerned.

The report says that AIS performance and response times “can still be less than adequate for users’ needs” and IBM is unwilling to develop a service level agreement specifically for the AIS application.

Indeed IBM has refused to give the county council a copy of the AIS contract with Northgate and it was not made available to the South West Audit Partnership for its audit of the system.

This may prompt councillors to ask how the council can properly manage a critical application if it has no control over the system or the outsourcer.

Repeated audit reports on the problems appear to have left matters unresolved.

Below are some of the concerns of the South West Audit Partnership as mentioned in its 2012/2013 audit report. It reports today that it has received only “partial” assurances that these problems have been solved.

Applications could be unavailable a month or more

Said the South West Audit Partnership: “We have identified in previous audit reports that there is no tested IT disaster recovery strategy. This is a strategy that would be put into effect in the event the Somerset County Council data centre was unavailable for any reason. Although a contract has been signed with Adam Continuity, applications could still be unavailable for a month or even more.”

No formally-named business system owner

“As of November 2014, Helen Wakeling (AIS System Owner) has left Somerset County Council. The responsibility of AIS system ownership needs to be reassigned and formalised.”

Payments to care providers not properly checked?

“… there does not appear to be a process to ensure payments are authorised, appropriate, complete and accurate…

 

IBM has no contractual duty to provide a good system

“There is no contractual requirement or service level for Southwest One [IBM] to provide a platform that delivers performance and response time that is acceptable to ASC [Adult Social Care] Operations.”

Data validation?

“Data quality in AIS data is undermined by the lack of robust input validation within the AIS application.

“Client records can be created with a minimum of information. Key personal identifiers such as data of birth, NI number and NHS number do not need to be entered and this both increases the risk of duplicate records and provides less data with which to identify those that have been created…”

Is IBM hiding AIS contract from the council?

“Southwest One currently owns the contract with Northgate and would not provide SWAP with a copy. As a result SWAP [South West Audit Partnership] was not able to evaluate Northgate’s compliance with the terms of the contract including licensing requirements…”

Personal data at risk?

“It was noted that developers have access to the production environment, unmasked live production data is used by developers and vendors for testing purposes and desktops are not locked down.”

Potential for fraud?

“In addition the authorise function, a security feature available in AIS has not been implemented resulting in all authorisations occurring outside of AIS. As a result data loss, potential corruption of data, incorrect and potentially fraudulent use of the application, missed, inappropriate or additional payments, will not be identified and acted upon.”

Corrupt data?

“In spite of a recent security incident that appeared to result in some data corruption, there is no reporting in place or review of user, super user or generic user access for appropriateness.”

Can former staff still log on?

“Terminated users were identified with valid AIS access credentials. Just less than 10% of managers with access were found to be no longer employed. In addition user ids are not disabled after not being used for a period of time.”

Unattended screens?

“The time-out for the application is 1 hour. Although users typically leave the application on and lock the screen when they go out to lunch, this process is inefficient, leaving sessions unavailable for others and insecure, since the user could forget to lock their screen and allow bypass of all security.”

System security?

“We also identified in our capacity management audit that desktop lock-down is not in effect and as a result AIS data can be downloaded and copied to USB flash storage. SWAP recommended data security policies be developed and implemented …”

**

Dave Orr who has followed events at Somerset closely since the county council signed the Southwest One contract in 2007 has written to audit committee councillors about the AIS system.

One of his questions is how the council could have transferred a critical application to IBM without its being protected by any specific service level agreement.

Orr says: “I do not believe that an in-house IT service, with a head of IT in the direct employ of this council, would be allowed to leave these serious shortcomings in performance, audit logging and disaster recovery unaddressed.”

Comment

So much for the claims back in 2007, when the council and IBM formed Southwest One, that the services would be “beyond excellence”.

If this is the worst outsourced system in the UK where does that leave the 775 council users who no doubt are trying to do their best for the vulnerable adults in their community?

Thank you to Dave Orr for providing the information on which this article is based.

Universal Credit at “amber/red” says latest DWP report

By Tony Collins

The Major Projects Authority, which is part of the Cabinet Office’s Efficiency and Reform Group, has today published its annual report on 188 projects including Universal Credit, about which it makes only positive comments.

But the authority’s annual report is, it appears, economical with the actualité. At the same time as the MPA published the report, the Department for Work and Pensions published a spreadsheet with statistics and its own narrative on the state of its major projects including the Universal Credit programme.

The spreadsheet said that the UC programme had an “amber/red” rating – but neither the MPA nor the Department for Work and Pensions has given the MPA’s reasons for the rating.

At the request of permanent secretaries the MPA has agreed not to publish its comments on the traffic light status of certain projects, including Universal Credit. The MPA and the Cabinet Office have agreed to allow officials in each departmental to give their own narrative to explain the traffic light status of their projects.

So the DWP, on its website, gives a summary of the state of its major projects, but its narrative on Universal Credit says nothing about the programme’s problems. Neither is there any of the MPA’s recommendations which related to the “amber/red” rating.

In a further shrinking from openness, the MPA and Cabinet Office have agreed with permanent secretaries that the traffic light status of major projects will be published only when they are out of date. So the “amber/red” rating on Universal Credit, although published today, is dated September 2014.

Comment

It is odd in a modern democracy that a large central government department – the DWP – can spend £330m on the IT for a major project and get away with publishing such obviously contradictory information on the scheme.

On the one hand the MPA, the Cabinet Office and the DWP publish only positive comments about progress on the Universal Credit programme.

These are some of the MPA’s comments on Universal Credit:

“Delivery remains on track against plans announced in September 2014. Additionally the Programme has brought forward testing of initiatives from which the programme can learn including the:

• Continued trialling of Universal Support in partnership areas to ensure the right integrated local foundations are in place to support UC expansion.

• Extending In work progression trials to help households increase their earnings once they have found work. • Extending the role of UC Work Coaches to engage with households at their work search interview to assess financial capability.”

Similarly the DWP’s comments in its spreadsheet on the status of its major projects reads like a government press release. Why was one of the government’s major projects – the whole life project costs of UC are estimated at £15.8bn – given an amber/red status?

We don’t know. Except we know that the MPA gives an amber/red rating when it regards a programme as not on track – a programme that needs an assurance and action plan to improve confidence in delivery. Why is the programme not on track? What does the assurance and action plan say? What is the rating today?

So much for open government. Indeed the DWP’s external lawyers are going to an FOI tribunal in London next month as part of a long legal battle to stop four old reports on Universal Credit being published.

Any ministerial announcements about open government in future should, perhaps, take this unedifying FOI episode into account.

Major Projects Authority annual report 2014/2015

DWP will fight to stop publication of Universal Credit reports whoever wins in May

By Tony Collins

dwpOn 7 July 2004 the Work and Pensions Committee called on the DWP to be “significantly more open about its IT projects”.

Today – 11 years later – the DWP is fighting to stop publication of four reports that would throw light on early problems with the IT work on Universal Credit.

And the DWP has continued to keep secret millions of pounds worth of reports on the progress or otherwise of its big projects, including those that have a major IT element,  Universal Credit in particular.

The Department is preparing for a new one-day hearing as part of its legal efforts – which have lasted two years so far – to stop the four reports on Universal Credit being published under the FOI Act.

A first-tier tribunal judge in March 2014 ordered the DWP to publish the reports. The following month the same judge refused the DWP leave to appeal, but the DWP’s external lawyers appealed to an upper tribunal for leave to appeal.

Now a judge has ordered a new one-day hearing in London, at a date yet to be set.

While the appeals continue the DWP does not have to publish the reports. In the light of this, DWP officials plan to continue their legal fight to stop publication of the reports, irrespective of who wins the election next month.

Indeed the case could go on for years. That legal costs for taxpayers are mounting seems no deterrent to the Department’s officials.

The four reports are already dated – they go back to 2012. The reports are the risks register, issues register, milestone schedule and project assessment review. All are about the Universal Credit programme.

John Slater, a programme and project management professional, requested three of the reports under FOI. I requested the project assessment review. 

Lamentable

Little has changed – the DWP has remained defensive and secretive – since 2004 when the Work and Pensions Committee said in its weighty report “Department for Work and Pensions Management of Information Technology Projects: Making IT deliver for DWP Customers”:

“The record on IT by DWP and its predecessor the Department of Social Security, has been lamentable …”

The report referred to the DWP’s habit of setting “unrealistic deadlines” on big projects, a problem that years later hit Universal Credit.

The Committee in 2004 added that the DWP was keeping reports secret to avoid embarrassment:

“We felt that on occasions the secretive approach adopted by the Department and the Government … had little to do with commercial confidentiality and more to do with departments using it as an excuse to withhold information that rightly belonged in the public domain, but which might embarrass the Department if released publicly.

“In our view the lack of Parliamentary accountability is part of the reason for the relatively high number of defective IT projects.”

The secrecy is not the fault of the DWP’s major suppliers -who include IBM, HP, Accenture, BT and Fujitsu. The Work and Pensions Committee said:

“During our enquiry, we were struck by how open IT suppliers seemed prepared to be in contrast with the tendency of officials to invoke commercial confidentiality.”

universal creditIn an echo of the Work and Pensions Committee’s 2004 report, the Public Accounts Committee said in February 2015, in its report: Universal Credit: progress update:

“… a lack of openness remains within the Department, as does an unwillingness to face up to past failings.

“The Department refused to accept the extent of previous failings, despite the overwhelming evidence we heard last year that the programme’s management had been extraordinarily poor prior to the reset, and the small numbers claiming Universal Credit.

“Furthermore, since early 2012, the Department has been fighting a protracted legal case to prevent the publication of documents relating to the management of Universal Credit…”

Ministers powerless?

Ministers have so far been unable to persuade civil servants to publish contemporaneous reports on the government’s big IT-enabled projects and programmes.

Francis Maude came to power in 2010 expecting to publish “Gateway” reviews on IT schemes but senior civil servants refused, arguing in part that publication would have a “chilling effect” on those writing and researching the reports.

Maude gave up on trying to get the reports published but gained reluctant agreement from permanent secretaries to publishing the traffic light status of large projects – but only after these assessments have lost their topicality in the form of a six-month time lag.

FOI campaigners say there are several reasons senior civil servants do not want reports on big IT-based projects, including Universal Credit, published.

The main reason, they say, is tradition: departments have always kept secret their internal independent reports on the progress or otherwise of major schemes.

Another reason is that officials do not always implement the reports’ recommendations. If nobody outside a department’s inner circle knows what a report’s recommendations or findings are, will it matter if they go unimplemented?

A further reason is that disclosure of the reports may cause embarrassment by confirming that a department’s ministers and officials have been economical with the truth – giving Parliament and the media the wrong impression about a project’s successful progress.

Lucrative

Another reason for keeping the reports secret may be that it enables civil servants and consultants who write the reports to be kind – perhaps even deferential – to their Whitehall colleagues by producing positive reports on projects that may later go awry.

Writing and researching the reports can be lucrative work. They are sometimes worth £1,000 a day to some consultants. A positive report with comfortable conclusions is more likely to bring further commissions than a generally negative one.

Indeed an upper tribunal judge Edward Jacobs, in a ruling on the case of the four reports, hinted that they were so positive even a hostile press would be pressed to find things to criticise.

Jacobs said that if he grants a rehearing of the case it is possible that the new tribunal “will need to consider that some of the contents (of the four reports) could hardly be presented badly even in the most hostile media coverage”.

Why disclosure is important

Officials working on Universal Credit have repeated mistakes of the past: setting unrealistic deadlines, underestimating complexity and not being open about project problems – even internally: their minister, Iain Duncan Smith, to get the unvarnished truth, had to set up his own “red team” reviews to bypass civil servants who had been giving him information.

As John Slater has pointed out, the late Lord Chief Justice Lord Bingham made an important statement on the need for openness:

“… Modern democratic government means government of the people by the people for the people. But there can be no government by the people if they are ignorant of the issues to be resolved, the arguments for and against different solutions and the facts underlying those arguments.

“The business of government is not an activity about which only those professionally engaged are entitled to receive information and express opinions. It is, or should be, a participatory process. But there can be no assurance that government is carried out for the people unless the facts are made known, the issues publicly ventilated.

“Sometimes, inevitably, those involved in the conduct of government, as in any other walk of life, are guilty of error, incompetence, misbehaviour, dereliction of duty, even dishonesty and malpractice. Those concerned may very strongly wish that the facts relating to such matters are not made public.

Publicity may reflect discredit on them or their predecessors. It may embarrass the authorities. It may impede the process of administration. Experience however shows, in this country and elsewhere, that publicity is a powerful disinfectant. Where abuses are exposed, they can be remedied. Even where abuses have already been remedied, the public may be entitled to know that they occurred.

Comment

The DWP’s culture of secrecy seems to overwhelm all new ministers who go along with it because they cannot run such a huge and complex department without the full support of their officials.

That’s perhaps why officials, on the matter of openness on IT projects, need never take seriously criticisms by the Information Commissioner, the Public Accounts Committee or the Work and Pensions Committee.

If officials have taken little notice of MPs for more than a decade, why should they start behaving differently under a new government?

The taxpayer suffers in the end. The DWP’s lamentable record on running major IT-based projects will probably continue, with huge financial losses and without accountability, while money continues to be poured into fighting pointless FOI legal battles.

It seems unlikely – and indeed would set a precedent – but perhaps a new set of ministers at the DWP will dare to try and change the culture.

 

 

Has 8 years of IT-based outsourcing really come to this?

By Tony Collins

In public, in the past, Taunton Deane Borough Council’s IT-based outsourcing deal has always been a success. Two years ago council officers and an executive at IBM were particularly upbeat about the success of their partnership.

“Service delivery … viewed in the round, is broadly on track. The majority of services perform well or extremely well…”

Now that the 10-year contract is 2 years away from expiry, which encourages officers to consider what happens then,  more of the truth is emerging.

A council report this month reveals that:

Savings are less than half those first envisaged – £3m against £10m projected. The £3m is an “identified” rather than actual saving.  The projected savings are “now out of alignment with our new financial circumstances and savings requirements”.

– Costs of exiting the contract with the IBM-run Southwest One partnership will be “significant”.

– Unravelling a shared services contract and reallocating work to the 50 council staff seconded to Southwest One will be “complex”. Says the report: “Any disaggregation from the shared service model will be complex and resource intensive and will also be challenging for SWO [Southwest One] as it attempts to satisfy the requirements of three partners whilst protecting and maximising its own financial position”.

– Use of lawyers will be intensive and already consultants have been engaged to advise on the implications of the contract’s ending. Funding this work will mean dipping into the council’s financial reserves.

– the joint venture with IBM has “not attracted new partner authorities” as first envisaged.

– IBM’s global strategy has changed, as has the council’s. Says Taunton Deane’s report of 10 March 2015: “Whilst central government once heralded large scale, multi agency and multi service partnerships with the private sector as the future, their advice now appears to be changing (in favour of) sustained competition, disaggregated services, small short contracts, transparency and diverse supply.”

– Technology strategies have changed. “Computer data centres are being replaced by cloud solutions and mobile technologies have become the norm in many business environments”.

It also emerges that the council is deeply unhappy with its SAP-based transformation, which was directed and implemented by IBM.  The SAP system is “costly”, “complex”, “not responsive to TDBC requirements”, and “resource intensive”.

The SAP system is also a “barrier to sharing services with other district councils”, and “does not support the customer access agenda in respect of channel shift as the SAP Citizen Portal (website) is inadequate”.

The “system is overly complex and users find the processes inefficient”.

Ending the contract means considering in depth:
– staffing implications
– premises and accommodation
– asset & third-party contract transfers
– communications
– logistics, technical infrastructure and system security and access
– intellectual property and authority data
– work in progress transfer
– service transition and knowledge transfer
– company dissolution

The council will also need to consider its service delivery options, which will involve:
– costed business case and recommendations
– understanding risks
– contractual implications and legal advice
– financial implications
– exploratory negotiations with SWO and discussions with the public
partners
– a detailed review to identify the options and costs for potential
replacement systems for the SAP system

Says the council report:

“Preparing for and implementing contract end and potentially exit from SWO [Southwest One] will require a significant amount of time and effort from the authorities due to the volume of work required, some of which is contractual and cannot be avoided.

“Contract end will require robust project governance and the appointment of an authority exit management team including work-streams around: exit management, HR, legal/contract representation, commercial, project management, communications, finance, technology and procurement.

“The resource requirement will be similar whichever future delivery option is selected.”

Comment

Councils that are considering large IT-based outsourcing deals could learn much from Taunton Deane’s experiences. At the start of such deals clients and suppliers find it easy to talk about what they’ll deliver – they need prove nothing by actions at this stage.

Taunton Deane and Somerset County Council, its lead partner in Southwest One, blew the trumpet in advance of their deal with IBM. Big savings were promised, and a transformation programme that would be led by a world-class supplier.

Barnet Council’s leading councillors  and officers also published numerous upbeat reports and gave zestful speeches in praise their forthcoming outsourcing deal with Capita.

At Taunton Deane, over time, expensive actions replaced cheap words. Partners did not join the partnership so economies of scale did not materialise. The transformation proved more complex than first envisaged. Reality overwhelmed aspirations.

Nobody could escape from the fact that the council was passing across to IBM a host of conflicting realities and expectations. Beyond the rosy Disney world of pre-contract euphoria was a harsh landscape.

Officers and councillors were actually passing across costs that were unlikely to decrease, and savings requirements that were likely to become more demanding. On top of this the supplier had to make a profit.

How can big savings and costly IT-led transformations not be in conflict with the inbuilt demands of suppliers whose share price is sensitive to the exacting expectations of investors who require ever increasing returns?

Councils will continue to outsource because their officers and lead councillors are unlikely to be in place in the later stages of a contract when they could otherwise be accountable for an administrative, financial and technological mess. In the early stages nobody need be held accountable for anything.  Words are sufficient. Promises cannot be tested yet.  Guarantees sound impressive.

It’s only actions that are hard to achieve.

Perhaps the answer is for auditors to become more proactive. The National Audit Office has this week published well considered guidelines for local authority auditors which calls for “professional scepticism”.  Auditors can stop councils making mistakes. They can see through promises and so-called guarantees.  It’s actions that matter.

At the start of a contract when the supplier’s executives, council officers and lead councillors are all in love they’ll say anything to reassure to each other. But everyone knows that when expectations are at their peak there is only one way to go – Taunton Deane has discovered to its cost.

Thank you to openness campaigner Dave Orr for providing the information on which this blog is based. 

TDBC SW1 contract exit planning Item 10 March 2015 (2)