Category Archives: National Audit Office

Public sector not reporting multiple cyber attacks

By Tony Collins

Successful cyber attacks on parts of the NHS and some councils and universities have not been reported to the police – even where criminals have locked information and demanded ransom payments, an investigation by The Yorkshire Post found.

The National Crime Agency, which is the UK’s lead agency against organised crime, human, weapon and drug trafficking and cyber crime, has said that “under-reporting of cyber crime remains a key barrier to our understanding of its true scale and cost”.

Its comments were aimed at the directors in the private sector. But it’s clear that the public sector is not setting an example.

The Yorkshire Post says that the Mid Yorkshire Hospitals NHS Trust had two ransomware attacks last year in which data was encrypted on some departmental drives with demands for payment made to unlock it. While no payment was made and the information recovered from back-up systems, neither incident was reported to police.

Barnsley Council had 13 successful ransomware attacks since April 2016 and none was reported to the police. No ransoms were paid, data was restored from back-up systems and accounts were disabled and changed to “render any captured credentials of little use”.

Three of Yorkshire’s universities had almost 300 successful attacks in the last three years. None was reported to police.

The University of York had 237 incidents which included nine distributed denial of service attacks and a further seven incidents in which servers were “compromised” by hackers.

A spokesman for the university said: “We did not consider that any incident caused sufficient loss, either monetary or of data, to justify reporting to the police.”

The University of Huddersfield had 54 successful attempts and nothing was reported to the police “due to low level impact”.

Ensuring the buck stops nowhere?

In a National Audit Office blog, the NAO’s cyber director Tom McDonald and digital transformation specialists Yvonne Gallagher (who’s a former CIO in two government departments) and Max Tse pointed to a lack of accountability in the public sector for deterring cyber attacks and managing the risks.

In health, for example, the Department of Health delegates to NHS England, which funds over 200 local clinical commissioning groups to purchase care from local health trusts.

Social care is the responsibility of the larger local authorities who are accountable to their local electors.

NHS Digital has some overview of data and IT systems for the health and social care sectors (through its management of national NHS IT systems, such as the NHS Spine or N3 Network) and it has a dedicated Data Security Centre, but it has no authority over councils and trusts to ensure even simple security measures are implemented locally, such as software updates and patches.

The National Audit Office found that, across government, “there has been little coherence between the several lines of governance and senior oversight of cyber and information security”.

It added,

“A number of organisations and a plethora of working-level groups have been involved in cyber security and supporting digital transformation across government. The government itself has described these arrangements as an ‘alphabet soup’.”

There’s also a shortage of IT security skills in the public sector, which is exacerbated by the high number of so-called “transformation” projects and programmes and a reliance on legacy systems such as Windows XP which proved vulnerable in the WannaCry attack, said the National Audit Office.

Comment

The government could make it mandatory for Whitehall, councils, the NHS and other parts of the public sector – including the police – to report incidents to the National Crime Agency.

It’s unlikely to happen though.

There’s a woeful lack of reporting and accountability in the public sector on IT-related matters. WannaCry and hundreds of other “successful” incidents in the public sector in the past year will not make any difference.

That the public sector will work to reduce the ill effects of cyber attacks is a given. It’s also inevitable that it’ll work hard at ensuring, in line with culture and convention, that, when there are “successful” incidents, the buck stops nowhere.

Thank you to Zara Pradyer for alerting me to the Yorkshire Post article.

Whitehall renews facade of openness on major IT projects

By Tony Collins

Headlines yesterday on the state of major government IT projects were mixed.

Government Computing said,

“IPA: Whitehall major projects show ‘slow and steady’ delivery improvement”

Computer Weekly said,

“Government IT projects improving – but several still in doubt”

The Register said,

“One-quarter of UK.gov IT projects at high risk of failure – Digital borders, digital tax and raft of MoJ projects singled out”

The headlines were prompted by the Infrastructure and Projects Authority’s annual report which was published yesterday.

The report listed the RAG – red/amber/green – status of each of 143 major projects in the government’s £455bn major projects portfolio. Thirty-nine of these are ICT projects, worth a total of £18.6bn.

Publication of the projects’ red/amber/green status – called the “Delivery Confidence Assessment” – seemed a sign that the government was being open over the state of its major IT and other projects.

A reversal of decades of secrecy over the progress or otherwise of major IT projects and programmes?

In a foreword to the Infrastructure and Project Authority’s report, two ministers referred twice to the government’s commitment to openness and accountability.

MP Caroline Nokes, Cabinet Office minister, and MP Andrew Jones, a Treasury minister, said in their joint foreword,

“The government is also committed to transparency, and to being responsive and accountable to the public we serve.

“Accordingly, we have collected and published this data consistently over the past five years, enabling us to track the progress of projects on the GMPP [Government Major Projects Portfolio] over time.

“We will continue to be responsive and accountable to the public.”

But the report says nothing about the current state of major IT projects. The delivery confidence assessments are dated September 2016. They are 10 months out of date.

This is because senior civil servants – some of whom may be the “dinosaurs” that former minister Francis Maude referred to last month – have refused to allow politicians to publish the red/amber/green status of major projects (including the Universal Credit programme and the smart meters rollout) unless the information, when published, is at least six months old.

[Perhaps one reason is to give departmental and agency press officers an opportunity to respond to journalists’ questions by saying that the red, red/amber or amber status of a particular major project is out of date.]

Amber – but why?

An amber rating means that “successful delivery appears feasible but significant issues already exist” though any problems “appear resolvable”.

In September 2016 the Universal Credit programme was at amber but we don’t know why. Neither the IPA nor the Department for Work and Pensions mention any of the “issues”.

The £11bn smart meters rollout is also at amber and again we don’t know why. Neither the IPA nor the Department for Business, Energy and Industrial Strategy mention any of the “issues”. Permanent secretaries are allowed to keep under wraps the IPA’s reasons for the red/amber/green assessments.

Even FOI requests for basic project information have been refused. Computer Weekly said,

“Costs for the Verify programme were also withheld from the IPA report, again citing exemptions under FOI.”

Comment

The senior civil servants who, in practice, set the rules for what the Infrastructure and Projects Authority can and cannot publish on major government projects and programmes are likely to be the “dinosaurs” that former Cabinet Office minister Francis Maude referred to last month.

Maude said that Whitehall reforms require that new ministers “face down the obstruction and prevarication from the self-interested dinosaur tendency in the mandarinate.”

Clearly that hasn’t happened yet.

The real information about Universal Credit’s progress and problems will come not from the Infrastructure and Projects Authority – or the Department for Work and Pensions – but from local authorities, housing associations, landlord organisations, charities and consumer groups such as the Citizen’s Advice Bureau (which has called for Universal Credit to be halted), the local press, the National Audit Office and Parliamentary committees such as the Public Accounts Committee and Work and Pensions Committee.

On the smart meter rollout, the real information will come not from the Infrastructure and Projects Authority – or the Department for Business, Energy and Industrial Strategy – but from business journalist Paul Lewis, consumer advocate Martin Lewis, business organisations such as the Institute of Directors, experts such as Nick Hunn, the Energy and Climate Change Committee and even energy companies such as EDF.

Much of this “real” information will almost certainly be denied by Whitehall press officers. They’ll be briefed by senior officials to give business journalists only selected “good news” facts on a project’s progress and costs.

All of this means that the Infrastructure and Projects Authority may have good advice for departments and agencies on how to avoid project failures – and its tact and deference will be welcomed by permanent secretaries – but it’s likely the IPA will be all but useless in providing early warnings to Parliament and the public of incipient project disasters.

Ministers and some senior civil servants talk regularly about the government’s commitment to openness and accountability. When will it start applying to major government IT projects?

 

UK.gov watchdog didn’t red flag any IT projects. And that alone should be a red flag to everyone

MPs suggest Cabinet Office is losing its grip on departments – but does it care?

By Tony Collins

The Register has an excellent piece by Kat Hall on how the Cabinet Office is losing its grip on Government departments.

Citing the annual report of the all-party Public Accounts Committee, Hall says there are issues where “departments repeatedly don’t do what they have been told or asked to do by the centre”.

An analysis by The Register found that

“government departments are winning significantly more exemptions to splash the cash on expensive IT projects since the departure of former Cabinet Office minister Francis “Mad Frankie” Maude last year”.

Chair of the Public Accounts Committee Meg Hillier said: “After my second year as Chair I am increasingly concerned about the long-term accountability of senior civil servants.

“The game of musical chairs starts as one Permanent Secretary moves on and they all change jobs in the system. And few are in post long enough to have a vested interest in the long-term aims of their department or a project.

“And there is the age-old tension between a department and central Whitehall through the Cabinet Office.”

Universal Credit and HMRC’s plans to overhaul its Aspire IT contract – the biggest in Europe – were outlined as being two areas of concern. As was the Home Office’s Emergency Services Network.

“The Home Office seemed to downplay the risks to the contract and its being caught unawares by the contractor does not reassure us that the Department is on top of the contract or this project. This could cost the taxpayer dear,” it said.

Comment:

It’s hard to argue with a comment on Hall’s piece by @JagPatel3 who suggests that some in Whitehall are as preoccupied with spin as with the efficient delivery of public services.

“… Government is preoccupied with presentation, manipulation of words and the dark art of spinning – instead of working on its programme of reform to deliver public services efficiently, to satisfy the wants, needs and expectations of the electorate.

“The political imperative of needing to put a positive slant on everything the Government does or will do, irrespective of whether it is true or not, is the reason why spin has become the centrepiece of this Government’s communications strategy.

“And because Government has got a monopoly on inside information (enabling it to maintain extremely tight control), it uses spin to divert attention away from the key issues that really matter to citizens …

“the eagerness with which senior Civil Servants have complied with their political masters’ desire to see policy announcements framed around presentation and spin, at the expense of substance, would explain why their skills set has been narrowed down to this single, dark art.”

The commentator also says that the “intense focus of attention on presentation alone has resulted in a massive gap opening up between the leadership and lower ranks of the Civil Service, who have to deal with the reality of delivering public services on the ground, on a day-to-day basis, which has in itself, led to alienation and disaffection”.

A good summary. Many ordinary civil servants are doing the hard work of delivering public services while a few of their masters are preoccupied with keeping what they do secret and justifying or defending all else that is published in National Audit Office reports, other third-party reports or leaked emails.

It’s hardly surprising the Cabinet Office is losing control of departments. Since Maude’s departure it doesn’t want control. It has become clear that it wants, in a hassle-free way, to continue with Sir Humphrey’s non-integrated approach to government.

The Cabinet Office is just another Whitehall department. Why would it want to be an “enforcer?”

Does Universal Credit make a mockery of Whitehall business cases?

By Tony Collins

Does Universal Credit make a mockery of this Treasury guidance on business cases?

It’s supposed to be mandatory for Whitehall departments to produce business cases. They show that big projects are “unequivocally” affordable and will work as planned.

But Computer Weekly said yesterday that the Department for Work and Pensions has not yet submitted a full business case for Universal Credit although the programme has been running for six years.

The result is that the Universal Credit IT programme may be the first big government computer project to have reached the original completion date before a full business case has been finalised.

Its absence suggests that the Department for Work and Pensions has not yet been able to produce a convincing case to the Treasury that the IT programme will either work or be affordable when it is due to roll out to millions of claimants.

The absence also raises a question of why the Department for Work and Pensions was able to award contracts and proceed with implementation without having to be accountable to Parliament for milestones, objectives, projected costs and benefits – all things that would have been recorded in the full business case.

If the DWP can proceed for years with project implementation without a full business case, does this mean that other Whitehall departments need have no final structured plan to justify spending of billions on projects?

Will Universal Credit work?

By early March 2017, fewer than 500,000 people were on Universal Credit. On completion, the system will be expected to cope with seven million claimants.

Although the rollout of the so-called “digital” system – which can handle all types of claim online – is going well (subject to long delays in payments in some areas and extreme hardship for some), there are uncertainties about whether it will cope with millions of claimants.

Universal Credit campaigner John Slater has been unable to obtain any confirmation from the DWP on whether it is planning to complete the rollout by 2022 – five years later than originally scheduled.

Business cases present arguments that justify the spending of public money. They also provide a “clear audit trail for purposes of public accountability,” says Cabinet Office guidance on business cases.

But hundreds of millions has already been spent on Universal Credit IT, according to the National Audit Office.

Business cases are mandatory … sort of

The Treasury says that production of business cases is a

“mandatory part of planning a public sector spending proposal …”

Yesterday, however, Computer Weekly reported that,

“Amazingly, given the programme has been going since 2011, the full business case for Universal Credit has still not been submitted or signed off by the Treasury – that’s due to take place in September this year.”

The Treasury says that preparation of the Full Business Case is “completed following procurement of the scheme – but prior to contract signature – in most public sector organisations.”

But by March 2013, the Department for Work and Pensions had already spent about £303m on Universal Credit IT, mostly with Accenture (£125m), IBM (£75m), HP (£49m) and BT (£16m), according to the National Audit Office.

Why a business case is important

The Treasury sums up the importance of business cases in its guidance to departments,

“… it is vital that capital spending decisions are taken on the basis of highly competent professionally developed spending proposals.”

The business case provides a

“structured process for appraising, developing and planning to deliver best public value.”

The full business case, in particular, sets out the

  • contractual arrangements
  • funding and affordability
  • detailed management arrangements
  • plans for successful delivery and post evaluation.

In the absence of a full business case the DWP was able to start the Universal Credit IT programme with little structured control on costs. The National Audit Office found in 2013 that there was

  • Poorly managed and documented financial governance
  • Limited evidence that supplier invoices were properly checked before payments were made.
  • Inadequate challenge of purchase decisions
  • Insufficient information on value for money of contracts before ministers approved them
  • Insufficient challenge of suppliers’ cost changes
  • Over-reliance on performance information from suppliers that the Department for Work and Pensions didn’t validate.
  • No enforcement by the DWP of key parts of the supplier contracts

Comment

Officials at the Department for Work and Pensions have gone to the bank for money for a new business venture – the building of Universal Credit IT – and said in effect,

“We’ll let you have an outline business case that may change a few times and in a few years, perhaps on completion of the programme or thereabouts, we’ll provide a full business case. But we’d like the money now please.”

In response the bank – HM Treasury – has replied in effect,

“You’re supposed to supply a full business plan before we decide on whether to give you the money but we know how important Universal Credit is.

“We’ll tell you what: we’ll let you have a few tens of millions here and there and see how you get on.

“For the time being, without a full business case, you’re restricted to an IT spend of around £300m.

“In terms of the eligibility criteria for the money, you can let us know what this should be when you’re a few years down the road.

“We accept that you’ll be in a much better position to know why you should be given the money once you’ve spent it.”

Does “mandatory” mean anything when there is no sanction against non-compliance?

And when the DWP is able to embark on a multi-billion pound programme without submitting a full business case until after the original completion date (2017), what’s the point of a business case?

The fact that the DWP is six years into implementation of Universal Credit without a full business case suggests that departments make up the rules as they go along.

What if the Treasury rejects the Universal Credit business case when it’s eventually submitted?

Will the DWP wait another few years to submit a case, when an entirely new set of officials will be in place? By then, perhaps, the Universal Credit rollout will have finished (or been aborted) and nobody at that stage could be effectively held to account if the scheme didn’t work or money had been wasted.

If Whitehall routinely waits until an IT-based programme is finished before presenting a full business case for Treasury approval, there’s nothing the Treasury can do if it wants and needs the programme.

Sir Humphrey is all-powerful. Why should officials worry about presenting full business cases on programmes they know there’s a political imperative to deliver?

Can DWP meet its revised 2022 target for completion of Universal Credit? – Computer Weekly

Treasury guidance on business cases

Will MPs’ report on Capita’s BBC contract make any difference?

By Tony Collins

At one level, Capita’s contract to handle most of the BBC’s TV licensing work is, in general, a success, at least according to statements made to the media.

Were it not for the National Audit Office and the Public Accounts Committee, a fuller story would not have emerged.

Today in The Guardian, a BBC spokesperson speaks of the Capita TV licensing contract in glowing terms. Through the contract, the BBC has reduced collection costs by 25% and increased revenue for programmes and services.

A Capita spokesperson spoke in similar terms. Capita has helped the BBC to collect more TV licence fee revenue every year since 2010-2011.

The only blip in the contract had seemed to be the heavy-handed tactics of some Capita staff. The Daily Mail reported in February 2017 that vulnerable people were hounded as some Capita staff tried to catch 28 TV licence evaders a week for bonuses of £15,000 a year.

This blip aside, has anything else gone wrong? There’s no hint of any technological problems on Capita’s website – or the BBC’s.

The BBC reported in 2011 that Capita will transform the TV licensing service, “using advances in technology and analytics to increase revenue and reduce costs”.

Capita’s website has a case study on its work for the BBC that refers to cost savings of £220m over the life of the contract, organisation-wide efficiencies and “protected brand image” among other benefits.

In December 2016, Capita described the “partnership” with the BBC as a “success”.

The bigger picture

Capita processes TV licence payments, collects arrears and enforces licence fee collection. Its current contract with the BBC began in July 2012 and, after a recent renegotiation, ends in 2022 with the option to extend by up to a further five years. The BBC paid Capita £59 million in 2015–16.

The BBC has had a long-standing ambition to improve its main TV licensing databases so that they are structured by individual customers rather than households.

This was one of the hopes for the contract with Capita but it hasn’t happened. Capita had partly subcontracted work on the BBC’s legacy databases to CSC Computer Sciences.

Manual workarounds

The BBC, in its contract with Capita, aimed to upgrade ICT as part of a wider transition programme. The BBC paid Capita £22.9m for parts of the programme that were delivered, including restructuring contact centres, updating the TV Licensing website and upgrading handheld units for field staff.

The Public Accounts Committee says in today’s report,

“However, improvements with a contract value of £27.9m, primarily related to replacing legacy ICT systems, were not delivered by Capita and its subcontractor (CSC), and were not paid for by the BBC.

“As a result of the transition programme being only partly completed and subsequently stopped, the BBC and Capita currently have to do resource-intensive manual workarounds between inefficient ICT systems.

“Capita informed us that it was bearing the additional costs associated with undelivered elements of the transition programme. However, the BBC has had to allocate £9m to Capita to support the ongoing use of legacy systems, costs which the BBC told us were compensated for elsewhere in the renegotiated contract.

“It is unclear to us why ICT database improvements have proved so difficult over the last 15 years, particularly when competitors and other organisations can make similar changes.

“The BBC acknowledges that its current database is not fit for purpose for the future but does not yet have a clear plan to replace it.”

Comment

All outsourcing contracts have their strengths and failures – including early promises that don’t come to anything.

But it’s unlikely councils and other public sector organisations that are seriously considering outsourcing will take into account the past failures and broken promises of their potential suppliers.

If officials and councillors want to outsource IT and other services they probably will, whatever the record of their favoured potential suppliers.

They will see reports of the National Audit Office and Public Accounts Committee as biased towards negative disclosures.

Indeed the BBC and Capita, in their responses to today’s TV licensing report of the Public Accounts Committee, have drawn attention to the positive aspects of the report and not mentioned the technological failures.

Where does this leave councils and other organisations that are considering IT-related outsourcing and are seeking reference sites as part of the bid process?

Will those reference sites give only the positive aspects and not mention, or successfully deprecate, any media, PAC or NAO reports on contract failures?

Negative findings by the National Audit Office and Public Accounts Committee are usually important. Were it not for their scrutiny we would not know how public money is being spent and misspent.

But their reports will have little or no effect as warnings to organisations that want to outsource.

Public Accounts Committee – BBC Licence Fee – 26 April 2017

Whitehall to auto-extend outsourcing deals using Brexit as excuse?

By Tony Collins

Type of government procurement spend 2014-2015. ICT is the top item.
Source: National Audit Office

Under a headline “UK outsourcing deals extended because of Brexit workload”, the Financial Times has reported that “hundreds of government contracts with the private sector that were due to expire are to be automatically extended because civil servants are too busy with Brexit to focus on new and better-value tenders”.

The FT says the decision to roll over the contracts could prove expensive for taxpayers because it limits competition and undermines government efforts to improve procurement.

A “procurement adviser to the government” whom the FT doesn’t name, said more than 250 contracts were either close to expiring or had already expired in 2016-17. The adviser told the FT,

“Brexit has pushed them down the list of priorities so there are lots of extensions and re-extensions of existing deals.”

The adviser added that this was the only way civil servants could prioritise the huge increase in Brexit-related work since the referendum.

Extensions

The FT provides no evidence of automatic contract extensions or the claim that deals will be extended because of the civil service’s Brexit workload.

There is evidence, however, that Whitehall officials tend to extend contracts beyond their original expiry date.

In a report published this year on the Cabinet Office’s Crown Commercial Service, the National Audit Office identified 22 framework contracts that were due to expire in 2016-17. Half of them (eleven) were extended beyond their original expiry date.

[The Crown Commercial Service was set up in 2014 to improve state procurement.]

The NAO also found that Whitehall departments – and the Crown Commercial Service – have been awarding contracts using expired framework deals, even though this contravenes public contracting regulations.

In 2015-16, 21 of the 39 frameworks that were due to expire were extended without competition or market testing, according to the NAO.

One example of an extended contract is a deal between Capita and the Department for Work and Pensions which started in 2010. Capita provides eligibility assessments for the personal independent payment allowance, which supports people with long-term ill health or disability.

The five-year deal was extended by two years until July 2019.

Capita has also won a three-year extension to a contract with the Pensions Regulator and the BBC has extended a deal with Capita that was signed originally in 2002 to June 2022 – a total of at least 20 years.

Open competition?

The NAO has found that extending ICT contracts may not always be good for taxpayers. In the later years of their government contracts, suppliers tend to make higher margins (though not always).

There are also suggestions that civil servants will sometimes sign contract extensions when the performance of the supplier does not meet expected standards.

On ICT, the Cabinet Office asks central departments to complete a return every six months for each business process outsourcing and facilities management contract above £20m with strategic suppliers.

The survey asks whether the contract is being delivered on time, to scope, to budget, to the appropriate standards, and whether there have been any disputes.

In one study of government contracts with ICT suppliers, the NAO found that, of 259 returns from departments, 42 highlighted problems that included,

  • failure to achieve milestones
  • dissatisfaction with quality of outputs
  • errors and other issues with delivery
  • poor customer engagement and end user dissatisfaction and
  • failure to meet key performance indicators.

Comment

For taxpayers there is some good news.

A break-up of “Aspire”, the biggest IT outsourcing long-term deal of all, between HMRC and Capgemini (and to a lesser extent Fujitsu) – worth about £9bn – is going ahead this June. An HMRC spokesman says,

“HMRC is on track to complete the phased exit from Aspire, as planned, by June 2017.”

And according to Government Computing, Defra’s IT outsourcing contracts with IBM and Capgemini under a £1.6bn contract called “Unity” are due to expire in 2018 and there are no signs the deals will be extended.

But the Department for Work and Pensions’ huge IT outsourcing contracts with the same major suppliers are renewed routinely and not always with open competition. The DWP says on its website,

“DWP contracts are awarded by competition between potential suppliers, unless there are compelling reasons why competition cannot be used.”

The DWP doesn’t define “compelling”. Nor is it clear whether its auditors look at whether the DWP has put up a compelling case for not putting a large IT contract out to open competition.

In 2014 the Public Accounts Committee, after investigating major suppliers to government, concluded,

“Government is clearly failing to manage performance across the board, and to achieve the best for citizens out of the contracts into which they have entered.

“Government needs a far more professional and skilled approach to managing contracts and contractors, and contractors need to demonstrate the high standards of ethics expected in the conduct of public business, and be more transparent about their performance and costs”.

Breaking up is hard to do

The break up of the huge Aspire IT outsourcing contract at HMRC is an exception, not the rule. The NAO has found that civil servants regard their major incumbent suppliers as safe and less risky than hiring a smaller company (that’s not steeped in Whitehall’s culture).

The NAO has also found that in some cases officials don’t know whether their suppliers are performing well or not. On many ICT contracts there is “open book” accounting, but not all departments have the staff or expertise to check regularly on whether their suppliers’ profits are excessive.

If Whitehall, with exceptions, is continuing to roll over contracts whether it’s legal to do so or not, what incentive exists to stick to the rules?

Brexit?

The FT story suggests Brexit is the reason hundreds of contracts are to be extended automatically. There’s probably truth in the automatic extension of some contracts – but it’s unlikely to be because of Brexit.

It’s unlikely that the civil servants involved in Brexit will be the same ones who are handling ICT contract extensions. That said, Brexit will inevitably put a higher workload on lawyers working for government.

If contracts are being extended automatically, it’s probably because that’s the way it has always been, at least within living memory.

While Sir Humphrey and his senior officials remain only nominally accountable to Parliament for how they spend taxpayers’ money, the easiest option of renewing or extending existing contracts will usually be seen as the best option.

It can be justified with “compelling” arguments such as a need to make an urgent decision in difficult circumstances, or the absence of alternative suppliers who have the necessary skills or the financial strength to accept the risks of failure.

Will anything change?

Until departments have to publish contemporaneously their intentions to award contracts without open competition or there is effective accountability within the civil service for major decisions, little is likely to change.

It hasn’t happened yet and there’s no reason to believe it will. Many politicians including prime ministers have tried to reform the civil service and they haven’t ruffled a single carpet in the corridors of Whitehall.

As Antony Jay, co-writer of Yes Minister, said in January 2013,

“The central anomaly is that civil servants have years of experience, jobs for life, and a budget of hundreds of billions of pounds, while ministers have, usually, little or no experience of the job and could be kicked out tomorrow.

“After researching and writing 44 episodes and a play, I find government much easier to understand by looking at ministers as public relations consultants to the real government – which is, of course, the Civil Service.”

In short, Brexit is likely to be officialdom’s up-to-date excuse for carrying on much as before.

Thank you to @TimMorton2 for alerting me to the FT article.

Another Whitehall failure: no officials responsible, fluid facts and doubtful ethics. Plus ça change?

By Tony Collins

It’s rare for truth to emerge from the ashes of a failed contract.

The disastrous contract between Siemens and the BBC (the so-called Digital Media Initiative) was a rarity. Various reports provided confidence that the relevant facts had emerged.

It’s more usual for MPs to report that they haven’t got to the bottom of what happened after a Whitehall contract failure.

Indeed, today’s report by the Public Accounts Committee says of its inquiry into PA Consulting’s contract with UK Trade and Investment:

“We cannot remember a previous inquiry in which so many witnesses corrected their evidence after a public session.”

UK Trade and Investment, now the Department for International Trade, helps UK businesses to export more goods and services and encourages overseas organisations to invest in the UK.

It is funded by the Department for Business, Innovation & Skills and the Foreign & Commonwealth Office.

In May 2014, UK Trade and Investment’s officials entered into a three-year contract with PA Consulting for the supply of consultants in a contract that involved ICT support.

One small example of unclear facts: in its bid, PA stated that cost categories including ICT were “already included in the costings and will not be charged for separately”. This implied that ICT would be included in the consultants’ day rates. Today’s Public Accounts Committee report says,

“However, there were separate charges in the pricing schedule for HR, ICT, legal and professional, quality, and knowledge management.”

After the contract had started, officials became concerned about:

  • the way PA had priced the contract
  • PA’s transparency in its communications with Whitehall.

The contractual relationship eventually broke down and officials terminated the contract in January 2016.

The two sides agreed a settlement in which the taxpayer would pay the balance of PA’s outstanding invoices less a £3m reduction. Officials paid £18.8m for the first 11 months of the contract.

Labour MP Meg Hillier, chairman of the Public Accounts Committee, said today (5 April 2017),

“Even now, ten months after the parties reached a settlement and four months after we took oral evidence, our Committee cannot say with confidence that it has got to the bottom of what happened.”

Poor record-keeping

Even the National Audit Office was unable to obtain a full picture. The NAO said in its 2016 report on PA’s contract,

“Understanding exactly what happened in letting and negotiating this contract is difficult due to the lack of proper documentation, the disagreement between parties and, now, the absence of a number of people who were involved on either side.”

MPs on the Public Accounts Committee say that Whitehall officials:

  • did not keep proper records
  • negotiated significant changes to the contract with PA when they should have gone back to the market
  • pushed for a signing of the contract before they had finished negotiations.

For its part, PA “fell well short of the appropriate duty of care that we expect contractors to demonstrate when in receipt of taxpayers’ money”.

According to the Public Accounts Committee, PA

  • took advantage of the department’s poor decision making
  • sold Whitehall a service it is not clear it needed
  • failed to give the fair breakdown of its costs and profit that officials had asked for
  • used the negotiations to pass on costs to Whitehall that it had said in its bid that it would bear
  • increased its profit from the contract while telling officials that its profit had not increased.

PA Consulting obfuscation?

The Committee says in its report,

“PA has not convinced us that it takes full responsibility for its actions. Its many explanations of its charges both at the time and since have been loosely worded, inconsistent and seemingly designed to obfuscate.

“It is unclear to us how such behaviour would be possible in a well managed professional practice.”

The Committee adds,

“Government’s lack of commercial expertise to get the best deals on behalf of the taxpayer has been a regular cause for concern for this Committee.”

In 2015 RSM UK Consulting produced a draft report on the contract. It included a finding that PA had “consistently made incorrect and misleading representations relating to £3.9m of the overheads charged”.

PA disputed RSM’s findings, stating that it had invoiced according to the agreed charging mechanism.

Overly long contract?

The contract was 596 pages – “difficult to read, understand and use, for a relatively simple service”. The Committee adds,

“The contract incorporates the ITT and bid, both of which are focused on the outcomes and how they will be achieved, and not on the way the contract would actually be run and charged for.

“Furthermore, the bid and contract are not clear on important aspects of the pricing and are often self-contradictory.”

[One would have thought that after decades of practice, Whitehall departments would understand how to commission a clear and unambiguous contract.]

Comment:

There is not even any evidence that some key decisions by Whitehall officials were approved by any formal decision-making body.

This and other findings by the National Audit Office and the Public Accounts Committee are astonishing, not because of their momentousness but because they are almost routine.

There were similar findings after National Audit Office investigations into early spending on the Universal Credit IT programme.

It’s beginning to look as if Whitehall officials can sometimes hand over money to the private sector without any firm controls at all, which could encourage corruption and, at the least, incompetence and waste.

What’s the civil service’s solution?

To make sure that no officials are held responsible. The civil service is all about collective responsibility. In other words no responsibility.

Is the civil service’s message to the private sector now clear: “Get whatever Whitehall business you can because though the terms of the contract may be tough, what we pay you afterwards may be, for us, a matter of indifference.”

PA Consulting’s contract with UK Trade and Investment

 

Large suppliers still dominate government IT

By Tony Collins

In 2012, the then Cabinet Office minister Francis Maude lamented the high costs of government IT and spoke of an “oligopoly” of large suppliers. He suggested things would change.

“… contracts were consistently awarded to a limited number of very large suppliers on long-term exclusive contracts.

“As a result there was inadequate competition and an abdication of control. The concept of having one supplier, aggregated supply, increased project risk and removed competitive tension.

“The Government repeatedly found itself paying large amounts for systems that were delivered late, over budget and which often did not fully meet the original policy requirement. If indeed, they were delivered at all. There are plenty of well-documented disasters – such as DH’s now terminated National programme for IT.

“Ultimately, the last Government lost control of IT – it outsourced not only delivery, but its entire strategy and ability to shape the future of our public services.

“At the same time smaller, more innovative and efficient suppliers were finding themselves locked out of the supply of services to Government because of what was described by Parliament as a powerful “oligopoly” of large suppliers.

“Procurements took so long only the big companies could absorb the cost – which they naturally passed on to us.

“All in all, we had an approach that was bad for users, bad for the taxpayer and bad for growth.”

Public sector IT spending was up to £20bn a year, he said, adding that “public sector productivity was actually declining”. He outlined how things were changing.

What has happened since?

A report published today by the National Audit Office, “Digital Transformation in Government”, raises a question of how much has changed.

Efforts to boost the SME share of government IT business “have had some impact”, says the National Audit Office, but it adds that “most government procurement with digital and technology suppliers continues to be with large organisations”.

“In 2015-16, 94% of such spending was with large enterprises, a fall of less than one percentage point since 2012-13.”

Today’s NAO report is mainly about the Cabinet Office’s Government Digital Service – GDS. It points out GDS’s strengths and weaknesses but in general does not give any advice on the sensitive point of whether it should have more or less influence on government IT.

On digital transformation, it says that the work of the NAO shows that attempts to transform government have had mixed success.

“Many public services appear increasingly unsustainable. Those responsible for major programmes have continued to exhibit over-optimism and make slow progress towards their objectives.”

It adds,

“Digital transformation has a mixed track record across government. It has not yet provided a level of change that will allow government to further reduce costs while still meeting people’s needs.

“GDS has also struggled to demonstrate the value of its own flagship initiatives such as Verify, or to set out clear priorities between departmental and cross-government objectives.

“GDS’s renewed approach aims to address many of these concerns as it expands and develops into a more established part of government. But there continues to be a risk that GDS is trying to cover too broad a remit with unclear accountabilities.

“To achieve value for money and support transformation across government, GDS needs to be clear about its role and strike a balance between robust assurance and a more consultative approach.”

Comment

The National Audit Office report is strong on facts and quality of research but avoids the big question of how GDS can bring about change when the top brass in departments prefer autonomy to what they see as GDS’s interference.

GDS’s existence goes to the heart of how the civil service runs. It is one part of the civil service trying to bring about change in other parts of the civil service.

And the evidence so far is that the civil service doesn’t like change.

The NAO report disappoints because it doesn’t address how government IT is to change if departments are to continue to run empires unchallenged by GDS or the heads of the civil service. Sir Humphrey is still king.

GDS scrutinises departmental IT spending – spending applications are reviewed by a team of eight people within GDS’s Standards Assurance team – but, much to Sir Humphrey’s delight, GDS’s influence seems to be waning.

When Jack Straw was Justice secretary, he told MPs in 2007 that when he abandoned projects there was a fuss at first and soon nobody noticed the project did not exist.

“There is always the option to abandon things. I did that in the Foreign Office with much complaint that the world might end.

“What happened was that we saved a lot of money and no one ever noticed the fact that that scheme did not exist… it is very frustrating that so many people, including the private sector, are taken in by snake oil salesmen from IT contractors who are not necessarily very competent and make a lot of money out of these things. I am pretty intolerant of this.”

How much has changed? Outsiders including Jack Straw and Francis Maude, together with insiders such as Chris Chant, have pointed to the need for major changes in the way departments manage huge IT budgets, and there have been some improvements: HMRC is breaking up its monolithic “Aspire” contract, citizens may notice that it is possible now to renew passports and driving licences online, and GDS has had an impact in making departments think hard about whether they really need to spend the amounts they do on major IT contracts.

But major change in the costs of government IT seems not just a long way off but unattainable while the dominance of Sir Humphrey remains unchallenged.

Digital Transformation in Government – NAO report

What Google looks for when hiring staff … traits Whitehall’s culture abhors?

By Tony Collins

The contrast between what Google looks for when hiring staff and what Whitehall looks for when making some of its top appointments, could give clues as to why many government IT-based projects and programmes fail.

First, the strengths Google looks for. These were set out yesterday on BBC R4 by Laszlo Bock, human resources chief at Google for 10 years.

Google was named “Best Company to Work For” more than 30 times around the world and received over 100 awards as a top employer during Bock’s time.

In 2010, he was named “Human Resources Executive of the Year”. Under him, Google changed its clunky, arduous recruitment processes that relied on gimmicks like maths puzzles to those that helped the company grow to about 60,000 employees in less than two decades.

In 2015 he published his first book, The New York Times bestseller Work Rules!, a practical guide to help people find meaning in work and improve the way they live and lead. He resigned from Google in 2016.

On the BBC “Analysis” programme on Monday evening – which looked at intelligence and talent and what they mean, if anything, in job interviews – Bock said the least important attribute Google screens for is whether someone knows about the job they are taking on. Crunching the data on successful hiring led Google instead to look for these characteristics:

  • Humility
  • Conscientiousness
  • A sense of responsibility not to quit until the job is done well
  • Comfort with ambiguity
  • A sense of fun
  • Courage

Why courage?

Bock said,

“It’s about the importance of people being able to raise their voices in organisations. One of the things that happens is, when organisations get large, people stop raising their voices and really bad things happen as a result. That’s where you get whistleblowing, insider trading, all kinds of things.

“Human beings are evolved, biologically, as social, hierarchy-seeking animals. We tend to conform. So courage is important because the really innovative, creative stuff comes from ‘I got this crazy idea’ and the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.

“Without that you can’t do great things.”

Comment

It’s too easy to generalise about the hiring and appointment of senior civil servants. But it’s possible to understand a little about the hiring culture within Whitehall’s biggest department, the Department for Work and Pensions.

An insight into DWP culture and thinking can be gleaned from the many lever arch folders of documents filed by the DWP as part of an FOI case in which it spent several years fighting to stop the release of documents about the Universal Credit IT programme.

The documents include DWP witness statements on the “harm” that would be caused if the IT documents in question were published.

The judge in the case, Chris Ryan, challenged most of the DWP’s arguments.

In one of his rulings, Judge Ryan described the DWP’s claims as:

  • alarming and surprising
  • overstated
  • unconvincing
  • close to fanciful

He said that public confidence in the Universal Credit IT programme had been maintained for some time “on a false basis”; and he raised the possibility that an “unhealthily collegiate relationship had developed” between the DWP and private sector IT suppliers. [Campaign4Change will publish a separate blog post on this ruling in the next few days.]

As well as the insight into DWP culture that one can gain from the FOI case, it’s possible to gauge culture and thinking within Whitehall departments from the talented, free-thinking IT individualists who have joined the top layer of the civil service, quit and returned to the private sector.

It would be invidious to pick out some names as there are so many.

What all this suggests is that Whitehall’s culture appreciates conformity and consensus and shuns boat-rocking.

When top IT professionals who joined HMRC and the DWP spoke publicly at conferences about institutional problems that needed to be tackled, mandarins reacted quickly – and such disclosures were never repeated.

And after a leak to the Guardian about the results of a DWP staff survey of morale on the Universal Credit IT programme, the department launched a formal leak inquiry headed by a senior member of the security services.

At the same time, Universal Credit IT programme documents were no longer emailed but transferred around in taxis.

This bout of nervous introspection (the judge described the DWP’s arguments in the FOI case as “defensive”), when taken together with what else we know, indicates that Whitehall’s culture is insular, distrustful and inimical to open challenge and problem-solving (though there are some within the senior Whitehall ranks who successfully defy that culture).

When Bock talks of conformity being a danger within large organisations he would not have had the DWP in mind – but he aptly describes its culture.

When he speaks about the “importance of people being able to raise their voices in organisations” he was probably unaware of the extent to which Whitehall culture abhors raised voices.

As Bock says, when people don’t raise their voices “really bad things happen as a result”. Perhaps the lack of internal challenge was one reason the NHS IT programme – NPfIT – lost billions of pounds, and the DWP’s Universal Credit programme went badly awry for several years.

When Bock says the “really innovative, creative stuff comes from ‘I got this crazy idea’”, he could have been describing the culture of the Government Digital Service. But that refreshing GDS culture is being slowly choked by the conservatism of traditional Whitehall departments.

As Bock says, “the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.” But bad problems are things senior civil servants avoid talking about, even internally. A Disneyland “good news” culture pervades central departments.

A National Audit Office report on the Universal Credit programme referred to a “fortress mentality” within the DWP.

Maybe the consensus-seeking John Manzoni, head of the civil service, and his colleague Sir Jeremy Heywood, Cabinet Secretary, could seek to employ Bock as an adviser on appointments and recruitment.

Bock’s brief? To turn around the senior civil service’s culture of conformity, groupthink, denial, selective use of “good news” facts and a lack of open challenge.

Recognising the destructiveness within a big organisation of having the wrong culture – as Bock does – could be the start of a genuine Whitehall transformation.

BBC R4 “Analysis” on talent, intelligence and recruitment

Laszlo Bock steps down

Central buying of IT and other services is a bit of a shambles – just what Sir Humphrey wants?

By Tony Collins

Cabinet Office entrance

Like the Government Digital Service, the Crown Commercial Service was set up as a laudable attempt to cut the huge costs of running central government.

The Cabinet Office under Francis Maude set up the Crown Commercial Service [CCS] in 2014 to cut the costs of buying common products and services for Whitehall and the wider public sector including the NHS and police.

It has a mandate to buy commodity IT, other products and services and whatever can be bought in bulk. It has had some success – for example with negotiating lower prices for software licences needed across Whitehall. The skills and knowledge of its civil servants are well regarded.

But, like the Government Digital Service, CCS has had limited support from permanent secretaries and other senior officials who’d prefer to protect their autonomy.

It has also been hindered by unachievable promises of billions of pounds in savings. Even CCS’s own managers at the time regarded the Cabinet Office’s plans for huge savings as over-optimistic.

Yesterday [13 December 2016] the National Audit Office published a report that questioned whether CCS has paid its way, let alone cut public sector costs beyond what civil and public servants could have achieved without it.

CCS employed 790 full-time equivalent staff in 2015/16 and had operating costs in one year alone of £66.3m.

This was the National Audit Office’s conclusion:

“CCS has not achieved value for money. The Cabinet Office underestimated the difficulty of implementing joint buying for government. With no business case or implementation plan CCS ran into difficulties. Net benefits have not been tracked so it cannot be shown that CCS has achieved more than the former Government Procurement Service would have.

“However, the strategic argument for joint buying remains strong and CCS is making significant changes to improve future services.”

Some of the NAO’s detailed findings:

  • The public sector spends £2.5bn directly with CCS – £8bn less than originally forecast.
  • Seven departments buy directly through CCS – 10 fewer than originally forecast
  • The forecast of £3.3bn net benefits from the creation of CCS over the four years to 2017-18 is unlikely to materialise.
  • The National Audit Office says the actual net benefits of CCS to date are “unknown”.
  • The Cabinet Office did not track the overall benefits of creating CCS.
  • Most of the planned transfers of procurement staff from central departments and the wider public sector to CCS haven’t happened.
  • Where some of the workforce has transferred, some departments have rehired staff to replace those who transferred.
  • Departments continue to manage their own procurement teams, although they use CCS’s frameworks.
  • CCS was set up with the power to force central departments to use its bulk buying services. But that power wasn’t enforced.
  • The National Audit Office says it is “no longer clear whether CCS has a clear mandate that requires all departments to use it for direct buying… it no longer has a clear timetable or expectation that further departments will transfer staff or buying functions to CCS”.

It’s all a far cry from the expectations set by a Cabinet Office announcement in 2013 which said that CCS will “ensure maximum value for the taxpayer is extracted from every commercial relationship”.

The then Cabinet Office minister Francis Maude said at the time,

“The new Crown Commercial Service will ensure a step change in our commercial capability, giving government a much tighter grip on all aspects of its commercial performance, from market engagement through to contract management.”

Comment

Why CCS has failed so far to make much difference to Whitehall’s costs is not clear. It seems to have been hit by a combination of poor management at the outset, a high turnover of senior officials and ludicrously high expectations, combined with a civil service reluctance in central departments and the wider public sector to cede control over procurement to CCS – even when it comes to common products and services.

The NAO report is a reminder of a fundamental flaw in the way government works: central departments can’t in practice be forced to do anything. They are a power unto themselves. The Cabinet Office has powers to mandate a change of practice and behaviour in central departments – to which Sir Humphrey can shrug his shoulders and change nothing.

Even the Prime Minister is, in practice, powerless to force departments to do something they don’t want to do (except in the case of the miscarriage of justice that involved two Chinook pilots who were eventually cleared of gross negligence because the then defence secretary Liam Fox, through a series of manoeuvres, forced the MoD to set the finding aside).

The CCS may be doomed to failure unless the Cabinet Office rigorously enforces its mandate to make government departments use its buying services.

If the Cabinet Office does not enforce its power, Sir Humphrey will always protect his turf by arguing that the products and services his officials buy – including IT in general – are specific and are usually tailored to the department’s unique and complex needs.

Much to the relief of Sir Humphrey, Francis Maude, the battle-hardened enforcer at the Cabinet Office, has left the House of Commons. He has no comparable replacement.

Are all central initiatives aimed at making a real dent in the costs of running Whitehall now doomed to failure?

Sir Humphrey knows the answer to that; and he’s wearing a knowing grin.

Crown Commercial Service – National Audit Office report