Category Archives: project management

A classic “waterfall” IT project disaster – yet officials went by the book

By Tony Collins

Some of those who read “Crash – 10 easy ways to avoid a computer disaster” may remember a warning that buying an IT system on the basis that it works well in another country and can therefore be adapted to the UK’s needs, is flirting with disaster.

First published in 1999, Crash said,

“There are graveyards of computer projects that began life as a simple adaptation of a package used elsewhere in the world.”

One example at that time was the failure of the London Stock Exchange’s Taurus project.

Now a report published today by Audit Scotland on the “i6” project goes into forensic – but lucid – detail on what went wrong and the conflicting views of police and the supplier Accenture.

Says the report,

“The belief that most of the i6 system could be based on an existing IT system proved incorrect.”

It became clear well into project that

“a virtually fully bespoke system was required”.

The plan was for i6 to replace 130 paper-based processes and IT systems but on 1 July 2016, after many well-publicised difficulties and delays, the Scottish Police Authority and Accenture agreed to terminate the i6 contract.

Police in Scotland had chosen Accenture’s bid in 2013 largely because it had successfully implemented a system for Spain’s Guardia Civil police service.

To its credit Accenture refunded all the money the police in Scotland had paid for the i6 system, £11.06m, plus a further £13.56m – but Audit Scotland says the failure of the project …

“means that some of the benefits that should have arisen from implementing it, have been, at best, delayed. There was a need to modernise police ICT systems six years ago when the procurement of i6 began. That need has not been met. Police officers and staff continue to struggle with out-of-date, inefficient and poorly integrated systems.

“This also hinders how Police Scotland interacts and shares information and intelligence with the other parts of the justice system. There is an urgent need to determine what the next steps should be…”

The lessons are clear from the report:

  • Don’t buy an overseas system without realising that it’ll need to be built almost from scratch for the UK. The ideal is for the business processes to be greatly simplified and adapted to fit a tried and tested system, not the other way around. Audit Scotland says the police programme team and Accenture believed that the majority of the i6 system could be based on an existing IT system that Accenture had developed for Spain,  with the remainder being bespoke development work.  But there was an “over-reliance” on Accenture’s work for Guardia Civil”.
  • The “waterfall” systems development contributed to the fact that Police Scotland “only discovered the true extent of problems with the system when it was delivered for testing”.  Waterfall meant that Accenture produced the software in distinct phases, in a sequence resembling a waterfall. Once a phase was complete, the process moved to the next phase – and no turning back. “It meant that all of the design, coding and construction of i6 would be completed before Accenture released it to Police Scotland for testing. Police Scotland would pay for each phase when it was completed.” [Agile, on the other hand, is a “test and see” approach and is far more flexible. It can adapted according to what the end-user needs and wants, and changes in those needs and wants.]
  • Don’t trust the demonstration of a waterfall system. The demo may look great but rolling it out successfully across various regions may be a different story. Accenture had demonstrated i6 but much later, after a period of testing, the i6 programme team reported to the programme board in August 2015 that there were: critical errors in the technical coding, flaws that Accenture was unable to resolve as quickly as expected, serious concerns about the criminal justice module, which did not comply with the Integrated Scottish Criminal Justice Information System data standards, errors in the search and audit modules and “problems around the limited functionality in the administration module”.
  • External assurance reports may tell you that you have complied with good practice and they may give you detailed praise for your attention to detail but they probably haven’t looked at the big question: will the systems ever work? Audit Scotland said external assurance reports such as the Scottish Government’s “Gateway reviews” suggested improvements but “raised no major concerns”.  Throughout the course of the i6 programme, most of the external reviews suggested that delivery confidence was either amber or green.
  • If the plan is for a waterfall development, doing everything by the book before a contract is awarded will not guarantee success, or even make it more likely, if you haven’t asked the big question: Is this ever likely to work given the complexities we don’t yet understand? For officials in Scotland, everything went smoothly before the award of contract: there were even 18 months of pre-contract discussions. But within weeks of the contract’s start, Police Scotland and Accenture disagreed about whether the proposed system would deliver the requirements set out in the contract. Soon there was a “breakdown in relationships and a loss of trust between Police Scotland and Accenture that never fully recovered,” said Audit Scotland.
  • The supplier may be just as optimistic as you. “As the design and development of i6 progressed, it became apparent that Accenture would need to develop significantly more than had been originally anticipated. Despite delays and serious problems throughout the lifetime of the programme, Accenture provided regular assurance, in the face of strong challenge, about their confidence in delivering the i6 system. This assurance proved misplaced.”
  • When planning a waterfall system that has complexities and inter-dependencies that are not fully understood at the outset, expect ever-lengthening delays and projected costs to soar. At one point Police Scotland estimated that the level of effort Accenture would require to complete i6 was around eight times greater than the resources Accenture had estimated when signing the original contract. “The i6 programme team believed that the functionality of Accenture’s solution did not meet the requirements it had agreed in the contract. Accenture maintained that Police Scotland had not specified a detailed description of business requirements. This issue had not emerged during months of pre-award dialogue. Accenture also believed that it had set out clearly what its solution would do and maintained that Police Scotland, as part of procurement process, had accepted its qualified solution. A dispute followed about the interpretation of the contract requirements. Police Scotland argued that, after months of competitive dialogue, the requirements of the i6 system were well-defined, and that in line with the contract, these took precedence. Accenture argued its solution had precedence and that Police Scotland was trying to extend the scope of the programme. Accenture stated that, to meet Police Scotland’s interpretation of requirements, it would require more time and money.”
  • As soon as things start going badly awry, stop and have a re-think. Cancel all existing work if necessary rather than plough on simply because failure isn’t an option. Above all, take politics out of the equation. The Scottish Police Authority was anxious about i6 being seen to be a success after the failure of a previous police ICT project in 2012 – the Common Performance Management Platform. At the same time the i6 programme was “extremely important to Accenture at a global level. “This may have led to misplaced optimism about the prospects of success and unwillingness to consider terminating the programme,” says Audit Scotland.
  • When things start to go wrong, the truth is unlikely to emerge publicly. Even those accountable for the project may be kept in the dark. “Police Scotland were cautious of commercial sensitivities when providing assurances on i6 publicly. The Scottish Parliament’s Justice Sub-Committee on Policing held a number of evidence sessions with the Scottish Police Authority and Police Scotland to explore progress with the i6 programme. In March 2014, the Sub-Committee expressed frustration at the lack of information about the problems with the i6 programme that had been ongoing since August 2013. Police Scotland did not disclose the severity of the issues facing the programme, nor was it overly critical of Accenture. This may have reflected a desire to maintain relationships with Accenture to keep the programme on track or to maintain the commercial confidentiality of the contract.”

Accenture’s response

Accenture said,

“As the report acknowledges, the scope and the complexity of the solution for i6 increased significantly during the project.  This was driven by the client.  There were challenges and issues on both sides, but we worked closely with Police Scotland to review the programme and recommend revised plans to successfully deliver i6.

Despite our best efforts, it was not possible to agree the necessary changes and we mutually agreed to end the project.”

In May 2017 Audit Scotland is due to publish a report that summarises the lessons from a number of public sector ICT projects it has investigated.

Some of what i6 was intended to cover …

Comment

Tis a pity officials in Scotland hadn’t read Crash before they embarked on the i6 project – or if they had, taken more notice of the dangers of assuming a system that works overseas can be tweaked to work in the UK.

We commend Audit Scotland for its expert investigation and a fine report.

Clearly the failure of i6 is not entirely Accenture’s fault.  The project was commissioned on the basis of assumption and when things went wrong politics intervened to prevent a complete stop and a fundamental re-think.

Fatally, perhaps, there appears to have been no discussion about simplifying police administration to make the IT more straightforward. If police administration is so enshrined in law that it cannot be simplified, officials would have to accept before awarding the contract that they were buying an entirely new system.

The UK armed services simplified volumes of rules and practices before it introduced pay and personnel administration systems. It was hard, inglorious work. But simplifying ways of working first can make the difference between IT success and failure.

i6 – a review. Audit Scotland’s report. 

Waterfall approach damns £46m Scottish police system – Government Computing

Another public sector IT disaster – but useful if the lessons are learned.

Southwest One – a positive postscript

By Tony Collins

somerset county council2IBM-led Southwest One has had a mostly bad press since it was set up in 2007. But the story has a positive postscript.

Officials at Somerset County Council now understand what has long been obvious to ICT professionals: that the bulk of an organisation’s savings come from changing the way people work – and less from the ICT itself.

Now that Somerset County Council has the job of running its own IT again – its IT-based relationship with Southwest One ended prematurely in December 2016 – the council’s officials have realised that technology is not an end in itself but an “enabler” of headcount reductions and improvements in productivity.

A 2017 paper by the county council’s “Programme Management Office”  says the council has begun a “technology and people programme” to “contribute to savings via headcount reduction by improving organisational productivity and process efficiency using technology as the key enabler”.

Outsourcing IT a “bad mistake” 

It was in 2007 that Somerset County Council and IBM launched a joint venture, Southwest One. The new company took over the IT staff and some services from the council.

In the nine years since then the council has concluded that outsourcing ICT – thereby separating it from the council’s general operations – was not a good idea.

The same message – that IT is too integral and important to an organisation  to be outsourced – has also reached Whitehall’s biggest department, the Department for Work and Pensions.

Yesterday (8 February 2017) Lord Freud,  who was the Conservative minister in charge of Universal Credit at the Department for Work and Pensions, told MPs that outsourcing IT across government had proved to be a “bad idea”.  He said,

“What I didn’t know, and I don’t think anyone knew, was how bad a mistake it had been for all of government to have sent out their IT…

“You went to these big firms to build your IT. I think that was a most fundamental mistake, right across government  and probably across government in the western world …

” We talk about IT as something separate but it isn’t. It is part of your operating system. It’s a tool within a much better system. If you get rid of it, and lose control of it, you don’t know how to build these systems.

” So we had an IT department but it was actually an IT commissioning department. It didn’t know how to do the IT.

“What we actually discovered through the (Universal Credit) process was that you had to bring the IT back on board. The department has been rebuilding itself in order to do that. That is a massive job.”

Task facing Somerset officials

Somerset County Council says in its paper that the council now suffers from what it describes as:

  • Duplicated effort
  • Inefficient business processes
  • A reliance on traditional ways of working (paper-based and meeting-focused).
  • Technology that is not sufficient to meet business needs
  • Inadequate data extraction that does not support evidence based decision making.
  • “Significant under-investment in IT”.

To help tackle these problems the council says it needs a shift in culture. This would enable the workforce to change the way it works.  

From January 2017 to 2021, the council plans “organisation and people-led transformational change focused on opportunities arising from targeted systems review outcomes”.

The council’s officers hope this will lead to

  • Less unproductive time in travelling and  attending some statutory duties such as court proceedings.
  • Fewer meetings.
  • Reduced management time because of fewer people to manage e.g. supervision, appraisal, performance and sickness.
  • Reduced infrastructure spend because fewer people will mean cuts in building and office costs, and IT equipment. Also less training would be required.
  • Reduction in business support process and roles.
  • Reduction in hard copy file storage and retention.

 The council has discovered that it could, for instance, with changes in working practices supported by the right technology,  conduct the same number of social services assessments with fewer front- line social workers or increase the level of assessments with the same number of staff.

Southwest One continues to provide outsourced services to Avon and Somerset Police. The contract expires next year.

Comment

Somerset County Council is taking a bold, almost private sector approach to IT.

Its paper on “technology and people” says in essence that the council cannot  save much money by IT change alone.

Genuine savings are to be found in changing ways of working and thus reducing headcount. This will require very close working – and agreement – between IT and the business end-users within the council.

It is an innovative approach for a council.

The downside is that there are major financial risks, such as a big upfront spend with Microsoft that may or may not more than pay for itself.

Does outsourcing IT ever make sense?

Somerset County Council is not an international organisation like BP where outsourcing and standardising IT across many countries can make sense.

The wider implication of Somerset’s experience – and the experience of the Department for Work and Pensions – is that outsourcing IT in the public sector is rarely a good idea.

Thank you to Dave Orr, who worked for Somerset County Council as an IT analyst and who has, since the Southwest One contract was signed in 2007, campaigned for more openness over the implications of the deal.

He has been more effective than any Somerset councillor in holding to account the county council, Taunton Deane Borough Council and Avon and Somerset Police, over the Southwest One deal.  He alerted Campaign4Change to Somerset’s “Technology and People Programme” Somerset paper.

One of Orr’s recent discoveries is that the council’s IT assets at the start of the Southwest One contract were worth about £8m and at hand-back in December 2016 were worth just £0.32m, despite various technology refreshes.

Somerset County Council’s “Technology and People Programme” paper

Whitehall’s outsourcing IT a “bad mistake” – and other Universal Credit lessons, by a former DWP minister

Days from taking back outsourced IT, Somerset Council is unsure what it’ll find

By Tony Collins

Facing the TV cameras, officials at Somerset County Council spoke with confidence about the new joint venture company they had set up with the “world-class” IT supplier IBM.

“The contract has to succeed; we will make it succeed, ” a senior official said at the time. Greater choice for residents, more control, sustained improvement of services, improved efficiency, tens of millions in savings and enhanced job prospects for staff.

These were some of the promises in 2007.

Since then, Somerset County Council has been through a costly legal dispute with IBM; projected savings have become losses, and Somerset is days away from taking back the service early.

Now the council faces new IT-related risks to its reputation and finances, warns a team of auditors.

In several audit reports on the exit arrangements, auditors warn of a series of uncertainties about:

  •  what exactly IT assets the council will own as of 1 December 2016, when the joint venture hands back IT and staff.
  • how much software may not be licensed, therefore being used illicitly.
  • how much software is being paid for without being needed or used, wasting council tax money.
  • whether thousands of pieces of hardware have been disposed of securely over the years of the contract, or whether confidential data could later turn up in the public domain.
  • the accuracy of some supplied information. “… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four” said auditors.

Comment

That Somerset County Council laments setting up the Southwest One joint venture with IBM is not new. What continues to surprise is the extent of the difficulties of ending the joint venture cleanly – despite months, indeed more than a year – of preparatory work.

The realty is that uncertainties and risks abound.

When IT journalists ask leading councillors and officers at the start of outsourcing/joint venture deals whether all the most potentially serious risks have been given proper consideration, the spokespeople inevitably sound supremely confident.

If things go wrong, they are sure the council will be able to take back the service under secure arrangements that have been properly planned and written into the contract.

Yet today some of the most potentially serious risks to Somerset’s finances and reputation come from continuing threats such as the possibility confidential data being found on old hardware not securely disposed of.

Or the council may be paying for unneeded software licences.

In short Somerset County Council is taking back the IT service on 1 December 2016 without being certain what it will find.

In future, therefore, when councillors and officials across the country talk with supreme confidence at the start of an outsourcing deal or joint venture about large savings, sustained efficiencies, and a step-change improvement in services that comes with the benefits of collaborating with a world-class private-sector partner, local residents will have every right to be deeply sceptical.

For the reality is more likely to be that the council and its world-class supplier are about to embark on a journey into the unknown.

Thank you to campaigner Dave Orr for alerting me to the council audit reports that made this post possible.

TV broadcast in 2007 days after the council and IBM signed the Southwest One joint venture deal.

**

Excerpts from reports due to be considered by Somerset County Council’s Audit Committee next week (29 November 2016):

“… laptops, servers, storage devices, networking equipment, etc.) have been disposed of without the correct documentation historically, throughout the term with SWO [Southwest One]. There is a high likelihood that without the documentation to show that SWO were meant to have previously disposed of any specific data baring assets in a compliant manner then subsequent fines and loss of reputation will need to be dealt with by the Council.

“This is being addressed as part of the exit works but initial investigations show an expected lack of documentation.

**

“The quality of asset management and therefore exposure to risk (over and above this inherited risk) is expected to improve significantly once asset management returns to SCC [Somerset County Council).”

**

“Asset locations have been updated and improved though there are still issues regarding all asset details not being recorded accurately in the Asset Register. There is a risk that if wrong details are recorded against an asset then incorrect decisions could be made regarding these assets which may in turn cause the Council financial loss and/or loss of reputation.”

**

“… the same networking hardware items have the same value associated with them even though one is twelve years old and the other only four.”

**

“Software assets are now included in the monthly asset register report though the information collected and lack of correlation to meaningful license information means the original risk is not fully mitigated.

“This continued lack of software asset usage information against licensing proof of entitlement as well as the obvious risk of illegally using non licensed software there is also a risk that the Council is wasting public funds and Council officer’s time to manage unnecessary software. This means the Council will not be able to show “Best Value” in these purchases which could lead to fines being imposed by Central Government and loss of reputation by the inefficiencies being reported in the media.”

**

“I cannot though see evidence of the warranty & support arrangements being recorded or accurate recording of end of life assets. Due to a lack of or incorrect detail on the asset information there is the risk of incorrect decisions being made regarding an asset’s usage which could then lead to loss of money or reputation for the Council.”

Record one-day fall in Capita share price – will customers care?

By Tony Collins

The share price of outsourcing specialist Capita fell 27% yesterday, a record one-day fall for the company. It was down a further 5% this morning (10.30 am, 30 September 2016).

The company said in a regulatory statement yesterday it is taking immediate steps to reduce the cost base in its underperforming businesses, which should benefit its 2017 results.

Some customers may be entitled to ask whether the transformation-based outsourcing services they are buying from Capita will be affected by any of the company’s financial pressures.

In local government Capita has what it calls “transformational partnerships” with Sheffield City Council, Southampton City Council, London Borough of Barnet, Blackburn with Darwen Council, North Tyneside, West Sussex County Council and Oxfordshire County Council.

Capita also has a joint venture agreement with Birmingham City Council, in a partnership that goes by the name of “Service Birmingham”.

Capita’s regulatory announcement yesterday said “our performance in the second half of the year to date has been below  expectations, as a result of a slow-down in specific trading businesses,  one-off costs incurred on the Transport for London (TfL) congestion charging contract and continued delays in client decision making”.

The company’s trading update said,

“Capita is taking immediate steps to reduce the cost base in the underperforming businesses, which should benefit 2017.”

Capita expects that capital expenditure will be lower than last year.

Outsourcing advocates may see the slow-down as temporary problem for Capita – and indeed the company has announced £949m of “major contract wins in the year to date,  including being recently selected by Three as the preferred bidder for a contract to provide customer management services in the UK, which is expected to start in 2017”.

It added, though, that “revenue from new major sales in the second half of this year is likely to be lower than expected, due to continued delays in decision making and lower conversion of our pipeline”.

Other observers of the outsourcing market may wonder whether major suppliers will always have enough margin to transform a customer’s business, including big new investments in ICT, while continuing to run the client’s operations successfully.

In yesterday’s trading update, Capita referred to problems on two contracts, one with Transport for London and another with the Co-op Bank. It said:

“We have experienced delays on the implementation of new IT systems on the  Transport for London (TfL) congestion charging contract.

“As a result, we expect  to incur between £20m and £25m of one-off costs, which will be included in our  underlying results. The systems have now gone live, the contract is performing  well operationally and these costs will not recur next year.

“Furthermore, we  are in a contractual dispute with the Co-op Bank regarding obligations relating  to the transformation of services.  The ongoing mortgage processing being  undertaken by Capita is performing well.  However, there is a risk of  litigation in respect of the transformation.”

Co-op dispute

Capita’s chief executive Andy Parker was reported in The Telegraph as saying there was a “high” risk of litigation with Co-op Bank over its contract to help administer mortgages.

“Everything’s ready to go and the client is refusing to sign off for one reason only – if they sign off, they have to pay us,” he is quoted s saying. “We’re still hitting targets and delivering for this bank.”

The Co-operative Bank, for its part, suggested it is owed money for delays, and denied it has failed to pay. “The bank strongly refutes Capita’s suggestion that they have delivered an element of the transformation programme which the bank has not paid for,” Co-op Bank was quoted as saying. “In addition, there are amounts which the bank regards as owing to it by Capita.”

Co-op added that it continues to “work through” the issues with the programme.

“The bank continues to work through the issues surrounding this transformation programme with Capita. The existing outsourcing of mortgage processing to Capita both for new and existing bank customers continues to operate in a satisfactory manner and the bank is committed to ensuring that this remains the case going forward,” said the Co-op.

Transport for London

On Capita’s TfL congestion charge contract, Andy Parker said,

“The upgrade proved more complex than we anticipated and the penalties ramped up very quickly.”

At Forbes, which has ranked Capita as one of the world’s most innovative companies, a writer and analyst warned (speculatively) of the possibility of “further profit downgrades in the months to come, allied with the possibility of subdued revenues growth in the years ahead.

Analysts say Capita’s prospects may be dented by uncertainties over Brexit.

The concluding paragraph of Capita’s trading update yesterday said,

“We remain confident of the strength of our business model and aim to return the Group to profit growth next year, excluding the benefit from TfL one-off costs  dropping out.”

Capita is a FTSE 100 company. In 1991 when it was floated its turnover was about £25m. Now it’s close to £5bn. It employs 75,000, about 17,000 of them abroad.

Thank you to campaigner Dave Orr for alerting me to Capita’s announcement yesterday.

Capita trading update

 

Excellent reports on lessons from Universal Credit IT project published today – but who’s listening?

By Tony Collins

“People burst into tears, so relieved were they that they could tell someone what was happening.”

The Institute for Government has today published one of the most incisive – and revelatory – reports ever produced on a big government IT project.

It concludes that the Universal Credit IT programme may now be in recovery after a disastrous start, but recovery does not mean recovered. Much could yet floor the programme, which is due to be complete in 2022.

The Institute’s main report is written by Nick Timmins, a former Financial Times journalist, who has written many articles on failed publicly-funded IT-based projects.

His invaluable report, “Universal Credit – from disaster to recovery?” – includes interviews with David Pitchford, a key figure in the Universal Credit programme, and Howard Shiplee who led the Universal Credit project.

Timmins also spoke to insiders, including DWP directors, who are not named, and the former secretary of state at the Department for Work and Pensions Iain Duncan Smith and the DWP’s welfare reform minster Lord Freud.

Separately the Institute has published a shorter report “Learning the lessons from Universal Credit which picks out from Timmins’ findings five “critical” lessons for future government projects. This report, too, is clear and jargon-free.

Much of the information on the Universal Credit IT programme in the Timmins report is new. It gives insights, for instance, into the positions of Universal Credit’s major suppliers HP, IBM, Accenture.

It also unearths what can be seen, in retrospect, to be a series of self-destructive decisions and manoeuvres by the Department for Work and Pensions.

But the main lessons in the report – such as an institutional and political inability to face up to or hear bad news – are not new, which raises the question of whether any of the lessons will be heeded by future government leaders – ministers and civil servants – given that Whitehall departments have been making the same mistakes, or similar ones, for decades?

DWP culture of suppressing any bad news continues

Indeed, even as the reports lament a lack of honesty over discussing or even mentioning problems – a “culture of denial” – Lord Freud, the minister in charge of welfare reform, is endorsing FOI refusals to publish the latest risk registers, project assessment reviews and other Universal Credit reports kept by the Department for Work and Pensions.

More than once Timmins expresses his surprise at the lack of information about the programme that is in the public domain. In the “acknowledgements” section at the back of his report Timmins says,

“Drafts of this study were read at various stages by many of the interviewees, and there remained disputes not just about interpretation but also, from some of them, about facts.

“Some of that might be resolvable by access to the huge welter of documents around Universal Credit that are not in the public domain. But that, by definition, is not possible at this stage.”

Churn of project leaders continues

Timmins and the Institute warn about the “churn” of project leaders, and the need for stable top jobs.

But even as the Institute’s reports were being finalised HMRC was losing its much respected chief digital officer Mark Dearnley, who has been in charge of what is arguably the department’s riskiest-ever IT-related programme, to transfer of legacy systems to multiple suppliers as part of the dismantling of the £8bn “Aspire” outourcing venture with Capgemini.

Single biggest cause of Universal Credit’s bad start?

Insiders told Timmins that the fraught start of Universal Credit might have been avoided if Terry Moran had been left as a “star” senior responsible owner of the programme. But Moran was given two jobs and ended up having a breakdown.

In January 2011, as the design and build on Universal Credit started, Terry Moran was given the job of senior responsible owner of the project but a few months later the DWP’s permanent secretary Robert Devereux took the “odd” decision to make Moran chief operating officer for the entire department as well. One director within the DWP told Timmins:

“Terry was a star. A real ‘can do’ civil servant. But he couldn’t say no to the twin posts. And the job was overwhelming.”

The director claimed that Iain Duncan Smith told Moran – a point denied by IDS – that if Universal Credit were to fail that would be a personal humiliation and one he was not prepared to contemplate. “That was very different from the usual ministerial joke that ‘failure is not an option’. The underlying message was that ‘I don’t want bad news’, almost in words of one syllable. And this was in a department whose default mode is not to bring bad news to the top. ‘We will handle ministers’ is the way the department operates…”

According to an insider, “Terry Moran being given the two jobs was against Iain’s instructions. Iain repeatedly asked Robert [Devereux] not to do this and Robert repeatedly gave him assurances that this would be okay” – an account IDS confirms. In September 2012, Moran was to have a breakdown that led to early retirement in March 2013. He recorded later for the mental health charity Time to Talk that “eventually, I took on more and more until the weight of my responsibilities and my ability to discharge them just grew too much for me”.

Timmins was told, “You cannot have someone running the biggest operational part of government [paying out £160bn of benefits a year] and devising Universal Credit. That was simply unsustainable,”

Timmins says in his report, “There remains a view among some former and current DWP civil servants that had that not happened (Moran being given two jobs), the programme would not have hit the trouble it did. ‘Had he been left solely with responsibility for UC [Universal Credit], I and others believe he could have delivered it, notwithstanding the huge challenges of the task,’ one says.”

Reviews of Universal IT “failed”

Timmins makes the point that reviews of Universal Credit by the Major Projects Authority failed to convey in clear enough language that the Universal Credit programme was in deep trouble.

“The [Major Projects Authority] report highlighted a lack of sufficient substantive action on the points raised in the March study. It raised ‘high’ levels of concern about much of the programme – ‘high’ being a lower level of concern than ‘critical’. But according to those who have seen the report, it did not yet say in words of one syllable that the programme was in deep trouble.”

Iain Duncan Smith told Timmins that the the Major Projects review process “failed me” by not warning early enough of fundamental problems. It was the ‘red team’ report that did that, he says, and its contents made grim reading when it landed at the end of July in 2012.

Train crash on the way

The MPA [Cabinet Office’s Major Projects Authority] reviewed the programme in March 2011. “MPA reports are not in the public domain. But it is clear that the first of these flagged up a string of issues that needed to be tackled …

” In June a member of the team developing the new government’s pan-government website – gov.uk – was invited up to Warrington [base for the Universal Credit IT team] to give a presentation on how it was using an agile approach to do that.

“At the end of the presentation, according to one insider, a small number from the audience stayed behind, eyeing each other warily, but all wanting to talk. Most of them were freelancers working for the suppliers. ‘Their message,’ the insider says, ‘was that this was a train crash on the way’ – a message that was duly reported back to the Cabinet Office, but not, apparently, to the DWP and IDS.”

Scared to tell the truth

On another occasion when the Major Projects Authority visited the IT team at Warrington for the purposes of its review, the review team members decided that “to get to the truth they had to make people not scared to tell the truth”. So the MPA “did a lot of one-on-one interviews, assuring people that what they said would not be attributable. And under nearly every stone was chaos.

“People burst into tears, so relieved were they that they could tell someone what was happening.

” There was one young lad from one of the suppliers who said: ‘Just don’t put this thing [Universal Credit] online. I am a public servant at heart. It is a complete security disaster.’

IBM, Accenture and HP

“Among those starting to be worried were the major suppliers – Accenture, HP and IBM. They started writing formal letters to the department.

‘Our message,’ according to one supplier, ‘was: ‘Look, this isn’t working. We’ll go on taking your money. But it isn’t going to work’.’ Stephen Brien [then expert adviser to IDS] says of those letters: ‘I don’t think Iain saw them at that time, and I certainly didn’t see them at the time.”

At one point “serious consideration was given to suing the suppliers but they had written their warning letters and it rapidly became clear that that was not an option”.

Howard Shiplee, former head of the project, told Timmins that he had asked himself ‘how it could be that a very large group of clever people drawn from the DWP IT department with deep experience of the development and operation of their own massive IT systems and leading industry IT suppliers had combined to get the entire process so very wrong? Equally, ‘how could another group of clever people [the GDS team] pass such damning judgement on this earlier work and at the stroke of a pen seek to write off millions of pounds of taxpayers’ money?’

Shiplee commissioned a review from PwC on the work carried out to date and discovered that the major suppliers “were genuinely concerned to have their work done properly, support DWP and recover their reputations”.

In addition, when funding had been blocked at the end of 2012, the suppliers “had not simply downed tools but had carried on development work for almost three months” as they ran down the large teams that had been working on it.

“As a result, they had completed the development for single claimants that was being used in the pathfinder and made considerable progress on claims for couples and families. And their work, the PwC evaluation said, was of good quality.”

On time?

When alarm bells finally started ringing around Whitehall that Universal Credit was in trouble,  IDS found himself under siege. Stephen Brien says IDS was having to battle with the Treasury to keep the funding going for the project. He had to demonstrate that the programme was on time and on budget.

‘The department wanted to support him in that, and didn’t tell him all the things that were going wrong. I found out about some of them, but I didn’t push as hard as I should have. And looking back, the MPA [Major Projects Authority] meetings and the MPA reports were all handled with a siege mentality. We all felt we had to stand shoulder to shoulder defending where we were and not really using them to ask: ‘Are we where we should be?’

‘As a result we were not helping ourselves, and we certainly were not helping others, including the MPA. But we did get to the stage between the end of 2011 and the spring of 2012 where we said: ‘Okay, let’s get a red team in with the time and space to do our own challenge.’”

The DWP’s “caste” system

A new IT team was created in Victoria Street, London – away from Warrington but outside the DWP’s Caxton Street headquarters. It started to take a genuinely agile approach to the new system. One of those involved told Timmins:

“It had all been hampered by this caste system in the department where there is a policy elite, then the operational people, and then the technical people below that.

“And you would say to the operational people: ‘Why have you not been screaming that this will never work?’ And they’d say: ‘Well, we’re being handed this piece of sh** and we are just going to have to make it work with workarounds, to deal with the fact that we don’t want people to starve. So we will have to work out our own processes, which the policy people will never see, and we will find a way to make it work.’

Twin-track approach

IBM, HP and Accenture built what’s now known as the “live” system which enabled Universal Credit to get underway, and claims to be made in jobcentres.

It uses, in part, the traditional “waterfall” approach and has cost hundreds of millions of pounds. In contrast there’s a separate in-house “digital” system that has cost less than £10m and is an “agile” project.

A key issue, Shiplee told Timmins, was that the new digital team “would not even discuss the preceding work done by the DWP and its IT suppliers”. The digital team had, he says, “a messiah-like approach that they were going to rebuild everything from scratch”.

Rather than write everything off, Shiplee wanted ideally to marry the “front-end” apps that the GDS/DWP team in Victoria Street was developing with the work already done. But “entrenched attitudes” made that impossible. The only sensible solution, he decided, was a “twin-track” approach.

“The Cabinet Office remained adamant that the DWP should simply switch to the new digital version – which it had now become clear, by late summer, would take far longer to build than they anticipated – telling the DWP that the problem was that using the original software would mean ‘creating a temporary service, and temporary will become permanent’.

“All of which led to the next big decision, which, to date, has been one of the defining ones. In November 2013, a mighty and fraught meeting of ministers and officials was convened. Pretty much everyone was there. The DWP ministers, Francis Maude (Cabinet Office minister), Oliver Letwin who was Cameron’s policy overlord, Sir Jeremy Heywood, the Cabinet Secretary, Sir Bob Kerslake, the head of the home civil service, plus a clutch of DWP officials including Robert Devereux and Howard Shiplee as the senior responsible owner along with Danny Alexander and Treasury representatives.

“The decision was whether to give up on the original build, or run a twin-track approach: in other words, to extend the use of the original build that was by now being used in just over a dozen offices – what became dubbed the ‘live’ service – before the new, and hopefully much more effective, digital approach was finished and on stream.

“It was a tough and far from pleasant meeting that is etched in the memories of those who were there…

“One of those present who favoured the twin-track approach says: There were voices for writing the whole of the original off. But that would have been too much for Robert Devereux [the DWP’s Permanent Secretary] and IDS.

” So the twin-track approach was settled on – writing a lot of the original IT down rather than simply writing it off. That, in fact, has had some advantages even if technically it was probably the wrong decision…

“It has, however, seen parts of the culture change that Universal Credit involves being rolled out into DWP offices as more have adopted Universal Credit, even if the IT still requires big workarounds.

“More and more offices, for example, have been using the new claimant commitment, which is itself an important part of Universal Credit. So it has been possible to train thousands of staff in that, and get more and more claimants used to it, while also providing feedback for the new build.”

Francis Maude was among those who objected to the twin-track approach, according to leaked minutes of the project oversight board at around this time.

Lord Freud told Timmins,

‘Francis was adamant that we should not go with the live system [that is, the original build]. He wanted to kill it. But we, the DWP, did not believe that the digital system would be ready on anything like the timescales they were talking about then …But I knew that if you killed the live system, you killed Universal Credit…”

In the end the twin-track approach was agreed by a majority. But the development of the ‘agile’ digital service was immediately hampered by a spat over how quickly staff from the GDS were to be withdrawn from the project.

Fury over National Audit Office report

In 2013 the National Audit Office published a report Universal Credit – early progress –  that, for the first time, brought details of the problems on the Universal Credit programme into the public domain. Timmins’ report says that IDS and Lord Freud were furious.

“IDS and, to an only slightly lesser extent, Lord Freud were furious about the NAO report; and thus highly defensive.”

IDS tried to present the findings of the National Audit Office as purely historical.

In November 2014, the NAO reported again on Universal Credit. It once more disclosed something that ministers had not announced – that the timetable had again been put back two years (which raises further questions about why Lord Freud continues to refuse FOI requests that would put into the public domain – and inform MPs – about project problems, risks and delays without waiting for an NAO report to be published)..

Danny Alexander “cut through” bureaucracy

During one period, the Treasury approval of cash became particularly acute. Lord Freud told Timmins:

“We faced double approvals. We had approval about any contract variation from the Cabinet Office and then approvals for the money separately from the Treasury.

“The Government Digital Service got impatient because they wanted to make sure that the department had the ability to build internally rather than going out to Accenture and IBM, who (sic) they hate.

“The approvals were ricocheting between the Cabinet Office and the Treasury and when we were trying to do rapid iteration. That was producing huge delays, which were undermining everything. So in the end Danny Alexander [Lib-dem MP who was chief secretary to the Treasury] said: ‘I will clear this on my own authority.’ And that was crucial. Danny cut through all of that.”

Optimism bias

So-called optimism bias – over-optimism – is “such a common cause of failure in both public and private projects that it seems quite remarkable that it needs restating. But it does – endlessly”.

Timmins says the original Universal Credit white paper – written long before the start of the programme – stated that it would involve “an IT development of moderate scale, which the Department for Work and Pensions and its suppliers are confident of handling within budget and timescale”.

David Pitchford told Timmins,

“One of the greatest adages I have been taught and have learnt over the years in terms of major projects is that hope is not a management tool. Hoping it is all going to come out all right doesn’t cut it with something of this magnitude.

“The importance of having a genuine diagnostic machine that creates recommendations that are mandatory just can’t be overstated. It just changes the whole outcome completely. As opposed to obfuscation and optimism bias being the basis of the reporting framework. It goes to a genuine understanding and knowledge of what is going on and what is going wrong.”

Sir Bob Kerslake, who also identified the ‘good news culture’ of the DWP as being a problem, told Timmins,

“All organisations should have that ability to be very tough about what is and isn’t working. The people at the top have rose-tinted specs. They always do. It goes with the territory.

And unless you are prepared to embrace people saying that ‘really, this is in a bad place’… I can think of points where I have done big projects where it was incredibly important that we delivered the unwelcome news of where we were on that project. But it saved me, and saved my career.”

Recovery?

Timmins makes good arguments for his claim that the Universal Credit programme may be in recovery – but not recovered – and that improvements have been made in governance to allow for decisions to be properly questioned.

But there is no evidence the DWP’s “good news” culture has changed. For instance the DWP says that more than 300,000 people are claiming Universal Credit but the figure has not been audited and it’s unclear whether claimants who have come off the benefit and returned to it – perhaps several times – are being double counted.

Timmins points out the many uncertainties that cloud the future of the Universal Credit programme  – how well the IT will work, whether policy changes will hit the programme, whether enough staff will remain in jobcentres, and whether the DWP will have good relations with local authorities that are key to the delivery of Universal Credit but are under their own stresses and strains with resourcing.

There are also concerns about what changes the Scots and Northern Irish may want under their devolved powers, and the risk that any ‘economic shock’ post the referendum pushes up the volume of claimants with which the DWP has to deal.

 Could Universal Credit fail for non-IT reasons?

Timmins says,

“In seeking to drive people to higher earnings and more independence from the benefits system, there will be more intrusion into and control over the lives of people who are in work than under the current benefits system. And there are those who believe that such an approach – sanctioning people who are already working – will prove to be political dynamite.”

The dire consequences of IT-related failure

It is also worth noting that Universal Credit raises the stakes for the DWP in terms of its payment performance, says Timmins.

“If a tax credit or a Jobseeker’s Allowance payment or any of the others in the group of six go awry, claimants are rarely left penniless in the sense that other payments – for example, Housing Benefit in the case of Jobseeker’s Allowance or tax credits, – continue.

“If a Universal Credit payment fails, then all the support from the state, other than Child Benefit or disability benefits not included within Universal Credit, disappears.”

This happened recently in Scotland when an IT failure left hundreds of families penniless. The DWP’s public response was to describe the failure in Scotland as “small-scale”.

Comment

What a report.

It is easy to see how much work has gone into it. Timmins has coupled his own knowledge of IT-related failure with a thorough investigation into what has gone wrong and what lessons can be learned.

That said it may make no difference. The Institute in its “lessons” report uses phrases such as “government needs to make sure…”. But governments change and new administrations have an abundance – usually a superfluity – of confidence and ambition. They regard learning lessons from the past as putting on brakes or “nay saying”. You have to get with the programme, or quit.

Lessons are always the same

There will always be top-level changes within the DWP. Austerity will always be a factor.  The culture of denial of bad news, over-optimism about what can be achieved by when and how easily it can be achieved, over-expectations of internal capability, over-expectation of what suppliers can deliver, embarking on a huge project without clearly or fully understanding what it will involve, not listening diligently to potential users and ridiculously short timescales are all well-known lessons.

So why do new governments keep repeating them?

When Universal Credit’s successor is started in say 2032, the same mistakes will probably be repeated and the Institute for Government, or its successor, will write another similar report on the lessons to be learned.

When Campaign4Change commented in 2013 that Universal Credit would probably not be delivered before 2020 at the earliest, it was an isolated voice. At the time, the DWP press office – and its ministers – were saying the project was on budget and “on time”.

NPfIT

The National Audit Office has highlighted similar lessons to those in the Timmins report, for example in NAO reports on the NPfIT – the NHS IT programme that was the world’s largest non-military IT scheme until it was dismantled in 2011. It was one of the world’s biggest IT disasters – and none of its lessons was learned on the Universal Credit programme.

The NPfIT had an anti-bad news culture. It did not talk enough to end users. It had ludicrous deadlines and ambitions. The politicians in charge kept changing, as did some of programme leaders. There was little if any effective internal or external challenge. By the time it was dismantled the NPfIT had lost billions.

What the Institute for Government could ask now is, with the emasculation of the Government Digital Service and the absence of a powerful Francis Maude figure, what will stop government departments including the DWP making exactly the mistakes the IfG identifies on big future IT-enabled programmes?

In future somebody needs the power to say that unless there is adequate internal and external challenge this programme must STOP – even if this means contradicting a secretary of state or a permanent secretary who have too much personal and emotional equity in the project to allow it to stop. That “somebody” used to be Francis Maude. Now he has no effective replacement.

Victims

It’s also worth noting in the Timmins report that everyone seems to be a victim, including the ministers. But who are perpetrators? Timmins tries to identify them. IDS does not come out the report smelling of roses. His passion for success proved a good and bad thing.

Whether the direction was forwards or backwards IDS  was the fuel that kept Universal Credit going.  On the other hand his passion made it impossible for civil servants to give him bad news – though Timmins raises questions about whether officials would have imparted bad news to any secretary of state, given the DWP’s culture.

Neither does the DWP’s permanent secretary Robert Devereux emerge particularly well from the report.

How it is possible for things to go so badly wrong with there being nobody to blame? The irony is that the only people to have suffered are the genuine innocents – the middle and senior managers who have most contributed to Universal Credit apparent recovery – people like Terry Moran.

Perhaps the Timmins report should be required reading among all involved in future major projects. Competence cannot be made mandatory. An understanding of the common mistakes can.

Thank you to FOI campaigner Dave Orr for alerting me to the Institute’s Universal Credit reports.

Thanks also to IT projects professional John Slater – @AmateurFOI – who has kept me informed of his FOI requests for Universal Credit IT reports that the DWP habitually refuse. 

Update 18.00 6 September 2016

In a tweet today John Slater ( @AmateurFOI ) makes the important point that he asked the DWP and MPA whether either had held a “lessons learned” exercise in the light of the “reset” of the Universal Credit IT programme. The answer was no.

This perhaps reinforces the impression that the DWP is irredeemably complacent, which is not a good position from which to lead major IT projects in future.

Universal Credit – from disaster to recovery?

Learning the lessons from Universal Credit

 

Inside Universal Credit IT – analysis of document the DWP didn’t want published

dwpBy Tony Collins

Written evidence the Department for Work and Pensions submitted to an FOI tribunal – but did not want published (ever) – reveals that there was an internal “lack of candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

It’s the first authoritative confirmation by the DWP that it has not always been open and honest when dealing with the media on the state of the Universal Credit IT programme.

FOI tribunal grants request to publish DWP's written submission

FOI tribunal grants request to publish DWP’s written submission

According to the DWP submission, senior officials on the Programme became so concerned about leaks that a former member of the security services was brought in to lead an investigation. DWP staff and managers were the subjects of “detailed interviews”. Employee emails were “reviewed”, as were employee access rights to shared electronic areas.

Staff became “paranoid” about accidentally leaving information on a printer. Some of the high-security measures appear still to be in place.

Unpublished until now, the DWP’s written legal submission referred, in part, to the effects on employees of leak investigations.

The submission was among the DWP’s written evidence to an FOI Tribunal in February 2016.

The Government Legal Service argued that the DWP’s written evidence was for the purposes of the tribunal only. It should not be published or passed to an MP.

The Legal Service went further: it questioned the right of an FOI Tribunal to decide on whether the submission could be published. Even so a judge has ruled that the DWP’s written evidence to the tribunal can be published.

Excerpts from the submission are here.

Analysis and Comment

The DWP’s submission gives a unique glimpse into day-to-day life and corporate sensitivities at or near the top of the Universal credit IT programme.

It reveals the lengths to which senior officials were willing to go to stop any authoritative “bad news” on the Universal Credit IT programme leaking out. Media speculation DWP’s senior officials do not seem to mind. What appears to concern them is the disclosure of any credible internal information on how things are progressing on Universal Credit IT.

Confidential

Despite multiple requests from IT suppliers, former government CIOs and MPs, for Whitehall to publish its progress reports on big IT-based change programmes (some examples below), all central departments keep them confidential.

That sensitivity has little to do with protecting personal data.

It’s likely that reviews of projects are kept confidential largely because they could otherwise expose incompetence, mistakes, poor decisions, risks that are likely to materialise, large sums that have been wasted or, worst of all, a project that should have been cancelled long ago and possibly re-started, but which has been kept going in its original form because nobody wanted to own up to failure.

Ian watmore front cover How to fix government IROn this last point, former government CIO and permanent secretary Ian Watmore spoke to MPs in 2009 about how to fix government IT. He said,

“An innovative organisation tries a lot of things and sometimes things do not work. I think one of the valid criticisms in the past has been when things have not worked, government has carried on trying to make them work well beyond the point at which they should have been stopped.”

Individual accountability for failure?

Oblivious to MPs’ requests to publish IT progress reports, the DWP routinely refuses FOI requests to publish IT progress reports, even when they are several years old, even though by then officials and ministers involved will probably have moved on. Individual accountability for failure therefore continues to be non-existent.

Knowing this, MPs on two House of Commons select committees, Public Accounts and Work and Pensions, have called for the publication of reports such as “Gateway” reviews.

This campaign for more openness on government IT projects has lasted nearly three decades. And still Whitehall never publishes any contemporaneous progress reports on big IT programmes.

It took an FOI campaigner and IT projects professional John Slater [@AmateurFOI] three years of legal proceedings to persuade the DWP to release some old reports on the Universal Credit IT programme (a risk register, milestone schedule and issues log). And he had the support of the Information Commissioner’s legal team.

universal creditWhen the DWP reluctantly released the 2012 reports in 2016 – and only after an informal request by the then DWP secretary of state Stephen Crabb – pundits were surprised at how prosaic the documents were.

Yet we now know, thanks to the DWP’s submission, the lengths to which officials will go to stop such documents leaking out.

Understandable?

Some at the DWP are likely to see the submission as explaining some of understandable measures any government department would take to protect sensitive information on its largest project, Universal Credit. The DWP is the government largest department. It runs some of the world’s biggest IT systems. It possesses personal information on nearly everyone in Britain. It has to make the protection of its information a top priority.

Others will see the submission as proof that the DWP will do all it can to honour a decades-old Whitehall habit of keeping bad news to itself.

Need for openness

It’s generally accepted that success in running big IT-enabled change programmes requires openness – with staff and managers, and with external organisations and agencies.

IT-based change schemes are about solving problems. An introspective “good news only” culture may help to explain why the DWP has a poor record of managing big and successful IT-based projects and programmes. The last time officials attempted a major modernisation of benefit systems in the 1990s – called Operational Strategy – the costs rose from £713m to £2.6bn and the intended objective of joining up the IT as part of a “whole person” concept, did not happen.

Programme papers“watermarked”

The DWP’s power, mandate and funding come courtesy of the public. So do officials, in return, have the right to keep hidden mistakes and flawed IT strategies that may lead to a poor use – or wastage – of hundreds of millions of pounds, or billions?

The DWP’s submission reveals that recommendations from its assurance reports (low-level reports on the state of the IT programme including risks and problems) were not circulated and a register was kept of who had received them.

Concern over leaks

The submission said that surveys on staff morale ceased after concerns about leaks. IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”. For added security, Universal Credit programme papers were watermarked.

When a former member of the security services was brought in to conduct a leaks investigation, staff and mangers were invited by the DWP’s most senior civil servant to “speak to the independent investigator if they had any information”. This suggests that staff were expected to inform on any suspect colleagues.

People “stopped sharing comments which could be interpreted as criticism of the [Universal Credit IT] Programme,” said the submission. “People became suspicious of their colleagues – even those they worked closely with.

“There was a lack of trust and people were very careful about being honest with their colleagues…

“People felt they could no longer share things with colleagues that might have an honest assessment of difficulties or any negative criticism – many staff believed the official line was, ‘everything is fine’.

“People, even now, struggle to trust colleagues with sensitive information and are still fearful that anything that is sent out via email will be misused.

“For all governance meetings, all documents are sent out as password protected, with official security markings included, whether or not they contain sensitive information.”

“Defensive”

dwpLines to take with the media were added to a “Rolling Brief”, an internal update document, that was circulated to senior leaders of the Universal Credit IT programme, the DWP press office and special advisors.

These “lines to take” were a “defensive approach to media requests”. They emphasised the “positive in terms of progress with the Programme without acknowledging the issues identified in the leaked stories”.

This positive approach to briefing and media management “led to a lack of candour and honesty through the Programme and publically …”

How the DWP’s legal submission came about is explained in this separate post.

Were there leaks of particularly sensitive information?

It appears not. The so-called leaks revealed imperfections in the running of the Universal Credit programme; but there was no personal information involved. Officials were concerned about the perceived leak of a Starting Gate Review to the Telegraph (although the DWP had officially lodged the review with the House of Commons library).

The DWP also mentioned in its statement a leak to the Guardian of the results of an internal “Pulse” survey of staff morale – although it’s unclear why the survey wasn’t published officially given its apparent absence of sensitive commercial, personal, corporate or governmental information.

NPfIT

The greater the openness in external communications, the less likely a natural scepticism of new ways of working will manifest in a distrust of the IT programme as a whole.

The NHS’s National Programme for IT (NPfIT) – then the UK’s biggest IT programme costing about £10bn – was dismantled in 2011 after eight fraught years. One reason it was a disaster was the deep distrust of the NPfIT among clinicians, hospital technologists, IT managers, GPs and nurses. They had listened with growing scepticism to Whitehall’s oft-repeated “good news” announcements.

Ex-Government CIO wanted more openness on IT projects

When MPs have asked the DWP why it does not publish reports on the progress of IT-enabled projects, it has cited “commercial confidentiality”.

But in 2009, Ian Watmore (the former Government CIO) said in answer to a question by Public Account Committee MP Richard Bacon that he’d endorse the publication of Gateway reviews, which are independent assessments of the achievements, inadequacies, risks, progress and challenges on risky IT-based programmes.

“I am with you in that I would prefer Gateway reviews to be published because of the experience we had with capability reviews (published reports on a department’s performance). We had the same debate (as with Gateway reviews) and we published them. It caused furore for a few weeks but then it became a normal part of the furniture,” said Watmore.

Capability reviews are no longer published. The only “regular” reports of Whitehall progress with big IT programmes are the Infrastructure and Projects Authority’s annual reports. But these do not include Gateway reviews or other reports on IT projects and programmes. The DWP and other departments publish only their own interpretations of project reviews.

In the DWP’s latest published summary of progress on the Universal Credit IT programme, dated July 2016, the focus is on good news only.

But this creates a mystery. The Infrastructure and Projects Authority gave the Universal Credit programme an “amber” rating in its annual report which was published this month. But neither the DWP nor the Authority has explained why the programme wasn’t rated amber/green or green.

MPs and even IT suppliers want openness on IT projects

Work and Pensions Committee front coverIn 2004 HP, the DWP’s main IT supplier, told a Work and Pensions Committee inquiry entitled “Making IT work for DWP customers” in 2004 that “within sensible commercial parameters, transparency should be maintained to the greatest possible extent on highly complex programmes such as those undertaken by the DWP”.

The Work and Pensions Committee spent seven months investigating IT in the DWP and published a 240-page volume of oral and written in July 2004. On the matter of publishing “Gateway” reviews on the progress or otherwise of big IT projects, the Committee concluded,

“We found it refreshing that major IT suppliers should be content for the [Gateway] reviews to be published. We welcome this approach. It struck us as very odd that of all stakeholders, DWP should be the one which clings most enthusiastically to commercial confidentiality to justify non-disclosure of crucial information, even to Parliament.”

The Committee called for Gateway reviews to be published. That was 12 years ago – and it hasn’t happened.

Four years later the Committee found that the 19 most significant DWP IT projects were over-budget or late.

DWP headline late and over budget

In 2006 the National Audit Office reported on Whitehall’s general lack of openness in a report entitled “Delivering successful IT-enabled business change”.

The report said,

“The Public Accounts Committee has emphasised frequently the need for greater transparency and accountability in departments’ performance in managing their programmes and projects and, in particular, that the result of OGC Gateway Reviews should be published.”

But today, DWP officials seem as preoccupied as ever with concealing bad news on their big IT programmes including Universal Credit.

The costs of concealment

The DWP has had important DWP project successes, notably pension credits, which was listed by the National Audit Office as one of 24 positive case studies.

But the DWP has also wasted tens of millions of pounds on failed IT projects.

Projects with names such as “Camelot” [Computerisation and Mechanisation of Local Office Tasks] and Assist [Analytical Services Statistical Information System) were cancelled with losses of millions of pounds. More recently the DWP has run into problems on several big projects.

“Abysmal”

On 3 November 2014 the then chairman of the Public Accounts Committee Margaret Hodge spoke on Radio 4’s Analysis of the DWP’s ‘abysmal’ management of IT contracts.”

1984

As long ago as 1984, the House of Commons Public Accounts Committee called for the civil service to be more open about its progress on major computer projects.

Today there are questions about whether the Universal Credit IT will succeed. Hundreds of millions has already been spent. Yet, as mentioned earlier, current information on the progress of the DWP’s IT programmes remains a state secret.

It’s possible that progress on the Universal Credit IT programme has been boosted by the irregular (but thorough) scrutiny by the National Audit Office. That said, as soon as NAO reports on Universal Credit are published, ministers and senior officials who have seen copies in advance routinely dismiss any criticisms as retrospective and out-of-date.

Does it matter if the DWP is paranoid about leaks?

A paper published in 2009 looks at how damaging it can be for good government when bureaucracies lack internal challenge and seek to impose on officials a “good news” agenda, where criticism is effectively prohibited.

The paper quoted the then Soviet statesman Mikhail Gorbachev as saying, in a small meeting with leading Soviet intellectuals,

“The restructuring is progressing with great difficulty. We have no opposition party. How then can we control ourselves? Only through criticism and self-criticism. Most important: through glasnost.”

Non-democratic regimes fear a free flow of information because it could threaten political survival. In Russia there was consideration of partial media freedom to give incentives to bureaucrats who would otherwise have no challenge, and no reason to serve the state well, or avoid mistakes.

The Chernobyl nuclear disaster, which occurred on April 26, 1986, was not acknowledged by Soviet officials for two days, and only then after news had spread across the Western media.

The paper argued that a lack of criticism could keep a less democratic government in power. But it can lead to a complacency and incompetence in implementing policy that even a censored media cannot succeed in hiding.

As one observer noted after Chernobyl (Methvin in National Review, Dec. 4, 1987),

“There surely must be days—maybe the morning after Chernobyl—when Gorbachev wishes he could buy a Kremlin equivalent of the Washington Post and find out what is going on in his socialist wonderland.”

Red team

Iain DuncanSmithA lack of reliable information on the state of the Universal Credit IT programme prompted the then secretary of state Iain Duncan Smith to set up his own “red team” review.

That move was not known about at the time. Indeed in December 2012 – at a point when the DWP was issuing public statements on the success of the Universal Credit Programme – the scheme was actually in trouble. The DWP’s legal submission said,

“In summary we concluded (just before Christmas 2012) that the IT system that had been developed for the launch of UC [Universal Credit] had significant problems.”

One wonders whether DWP civil servants kept Duncan Smith in the dark because they themselves had not been fully informed about what was going on, or because they thought the minister was best protected from knowing what was going on, deniability being one key Whitehall objective.

But in the absence of reliable internal information a political leader can lose touch completely, said the paper on press freedom.

“On December 21, 1989, after days of local and seemingly limited unrest in the province of Timi¸ Ceausescu called for a grandiose meeting at the central square of Bucharest, apparently to rally the crowds in support of his leadership. In a stunning development, the meeting degenerated into anarchy, and Ceausescu and his wife had to flee the presidential palace, only to be executed by a firing squad two days later.”

Wrong assumptions

Many times, after the IT media has published articles on big government IT-based project failures, TV and radio journalists have asked to what extent the secretary of state was responsible and why he hadn’t acted to stop millions of pounds being wasted.

But why do broadcast journalists assume ministers control their departments? It is usually more likely that ministers know little about the real risks of failure until it is too late to act decisively.

Lord Bach, a minister at DEFRA, told a House of Commons inquiry in 2007 into the failure of the IT-based Single Payment Scheme that he was aware of the risks but still officials told him that systems would work as planned and farmers would receive payments on time. They didn’t. Chaos ensued.

Said Lord Bach,

“I do think that, at the end of the day, some of the advice that I received from the RPA [Rural Payments Agency] was over-optimistic.”

Lord WhittyAnother DEFRA minister at the time Lord Whitty, who was also party in charge of the Single Payment Scheme, told the same inquiry,

“Perhaps I ought also to say that this was the point at which I felt the advice I was getting was most misleading, and I have used the term ‘misleading’ publicly but I would perhaps prefer to rephrase that in the NAO terms …”

Even the impressive Stephen Crabb – who has now quit as DWP secretary of state – didn’t stand much of chance of challenging his officials. The department’s contracts, IT and other affairs, are so complex and complicated – there are bookcases full of rules and regulations on welfare benefits – that any new ministers soon find themselves overwhelmed with information and complexity.

They will soon realise they are wholly dependent on their officials; and it is the officials who decide what to tell the minister about internal mistakes and bad decisions. Civil servants would argue that ministers cannot be told everything or they would be swamped.

But the paper on press freedom said that in order to induce high effort within a bureacucracy, the leader needs “verifiable information on the bureaucrats’ performance”.

The paper made a fascinating argument that the more complacent the bureaucracy, the more aggressively it would control information. Some oil-rich countries, said the paper, have less media freedom than those with scarcer resources.

“Consistent with our theory, [some] non-democratic countries … have vast resources and poor growth performance, while the Asian tigers (South Korea, Taiwan, Hong Kong, and Singapore), while predominantly non-democratic in the 1970s and 1980s, have high growth rates and scarce natural resource.”

In an apparent opening up of information, the government in China passed a law along the lines of the U.S. Freedom of Information Act (“China Sets Out to Cut Secrecy, but Laws Leave Big Loopholes,” New York Times, Apr. 25, 2007). But was this law self-serving? It, and the launch of local elections, provided the central government with relatively reliable information on the performance of provincial bosses.

These stories from less democratic countries may be relevant in Britain because politicians here, including secretaries of state, seem to be the last to know when a big IT-based programme is becoming a disaster.

Bad news

Whtehall’s preoccupation with “good news only” goes well beyond the DWP.

T auditors Arthur D Little, in a forensic analysis of the delays, cost over-runs and problems on the development of a huge air traffic control IT project for National Air Traffic Services, whose parent was then the Civil Aviation Authority, which was part of the Department for Transport, referred to an “unwillingness to face up to and discuss bad news”.

Ministers helpless to force openness on unwilling officials?

Francis Maude came to the Cabinet Office with a reforming zeal and a sophisticated agenda for forcing through more openness, but the effects of his efforts began to evaporate as soon as he left office. Even when he was at the height of his power and influence, he was unable to persuade civil servants to publish Gateway reviews, although he’d said when in opposition that he intended to publish them.

His negotiations ended with central departments agreeing to publish only the “traffic light” status of big projects – but only after a minimum delay of at least six months. In practice the delay is usually a year or more.

Brexit

Brexit campaigners argue that the EC is undemocratic, that decisions are taken in Brussels in secret by unelected bureaucrats. But the EC is at least subject to the scrutiny, sometimes the competing scrutiny, of 29 countries.

Arguably Whitehall’s departments are also run by unelected bureaucrats who are not subject to any effective scrutiny other than inspections from time to time of the National Audit Office.

Yes Minister parodied Sir Humphrey’s firm grip on what the public should and should not be told. Usually his recommendation was that the information should be misleadingly reassuring. This was close enough to reality to be funny. And yet close enough to reality to be serious as well. It revealed a fundamental flaw in democracy.

Nowhere is that flaw more clearly highlighted than in the DWP’s legal submission. Is it any surprise that the DWP did not want the submission published?

If officials had the choice, would they publish any information that they did not control on any of their IT projects and programmes?

That’s where the indispensable work of the National Audit Office comes into the picture – but it alone, even with the help of the Public Accounts Committee, cannot plug the gaping hole in democracy that the DWP’s submission exposes.

These are some thoughts I am left with after reading the legal submission in the light of the DWP’s record on the management of IT-based projects …

  • Press freedom and the free flow of information cannot be controlled in a liberal democracy. But does Whitehall have its own subtle – and not so subtle – ways and means?
  • In light of the DWP’s track record, the public and the media are entitled to distrust whatever ministers and officials say publicly about their own performance on IT-related programmes, including Universal Credit.
  • More worryingly, would the DWP’s hierarchy care a jot if the media and public didn’t believe what the department said publicly about progress on big projects such as Universal Credit?
  • Is the DWP’s unofficial motto: Better to tell a beautiful lie than an ugly truth?
  • AL Kennedy mentioned the “botched” Universal Credit programme  when she gave a “point of view” on Radio 4 last week. Not referring specifically to Universal Credit she said facts can be massaged but nature can’t be fooled. A girder that won’t hold someone’s weight is likely to fail however many PR-dominated assurance reports have gone before. “Facts are uncompromising and occasionally grim. I wish they weren’t. Avoiding them puts us all at increased risk,” she said.

 Excerpts from the DWP submission

Some Twitter comments on this post:

tweet2

tweet3

tweet

tweet4

Another public sector IT project disaster – but a useful failure if lessons are disseminated

By Tony Collins

Comment and analysis

Government Computing reported on 1 July 2016 that the Scottish Police Authority has agreed with Accenture to end their “i6” programme.

It’s a classic public sector IT project disaster. It failed for the usual reasons (see below). What marks it out is the unusual post-failure approach: a limited openness.

Police in Scotland and the Scottish Government plan a review of what went wrong, which is likely to be published.

Usually senior civil and public servants in Whitehall, local government in England and Wales and the NHS rush to shut the blinds when an IT-enabled change project goes awry, which is what has happened recently after failures of the GP Support Services contract with Capita.  [GP magazine Pulse reports that NHS England is to withhold report on primary care support problems until 2017.]

The police in Scotland and the Scottish Parliament are being open but not completely. Their settlement with Accenture remains confidential, but the Scottish Police Authority has published the full business case for i6 and – under FOI – early “Gateway” reviews and “Healthcheck” reports, though with quite a few redactions.

Despite FOI, it’s almost unknown for Whitehall, the NHS or local government in England and Wales, to publish Gateway reviews of big IT projects.

All this means there may be a genuine attempt in Scotland to learn lessons from the failure of the i6 project, and perhaps even let the public sector as a whole benefit from them (if it’s interested),

Due originally to go live last December, and then in the autumn this year, i6 hit problems within months of the start of the contract with Accenture. The contract was signed in June 2013, work started in July and the two sides were reported as being in mediation by August 2013.

Exemplar?

But the programme had followed well-established preparatory routines. One internal report described the procurement approach as an exemplar for the rest of the public sector. Yet it still ended in failure.

In fact i6 followed the classic script of a traditional public sector IT-based project disaster:

  1. An over-ambitious plan for widespread “integration” – which is one of the most dangerous words in the history of public sector IT-enabled change projects. It seemed a great idea at the time: to save vast sums by bringing together in a single system similar things done in different ways by formerly separate organisations.
  2. A variety of early independent reports that highlighted risks and strengths of the programme but didn’t ask the biggest question of all: could a single national system ever work satisfactorily given the amount of organisational change required – changes that would impose on the system design constant modification as end-users discovered new things they wanted and didn’t want that were in the original design – and changes that would require a large team on the police side to have the time to understand the detail and convey it accurately to Accenture.
  3. An assumption that the supplier would be able to deliver an acceptable system within tight deadlines in a fast-changing environment.
  4. Milestones that were missed amid official denials that the project was in disarray.
  5. An agreement to end the contract that was on the basis of a secret settlement, which brought little or no accountability for the failure. Nobody knows how much has been spent on the project in staff and managerial time, hiring of various consultancies, the commissioning of various reports, and money paid over to the supplier.

What are the lessons?

 

The 10-year programme, which was said to cost between £40m and £60m, was ambitious. It was supposed to replace 135 IT-and paper-based systems across Scotland with a single national integrated system that would be rolled out to all Police Scotland divisions.

A “Gateway review” of the project in March 2013 said the project involved the “largest organisagtional change in the history of Scottish policing”.

The released documents have much praise for the police’s preparatory work on the contract with Accenture. Private consultants were involved as the technical design authority. Deloitte was hired for additional support. There were regular “healthcheck” and Gateway reviews.

Too ambitious?

Bringing together dozens of systems and paper-based processes into a new standardised system that’s supposed to work across a variety of business units, requires – before a single new server is installed – agreement over non-IT changes that are difficult in practice to achieve. It’s mainly a business-change project rather than an IT one.

The business case promised “Full interoperability, of processes and technology, at local and national level.” Was that ever really possible?

The disastrous Raytheon/Home Office e-borders project was a similar classic public sector project failure based on “integration”.  Although it was a much bigger project and far more complex than i6, it followed similar principles: a new national system that would replace a  patchwork of different systems and business processes.

Raytheon could not force change on end-users who did not want change in the way Raytheon envisaged. The Home Office wasted hundreds of millions on the project, according to the National Audit Office which said,

“During the period of the e-borders programme the Department made unrealistic assumptions about programme delivery without recognising the importance of managing a diverse range of stakeholders.

“Delivering the e-borders vision requires that more than 600 air, ferry and rail carriers supply data on people they are bringing in and out of the country, while around 30 government agencies supply data on persons of interest.

“During the e-borders period, the contract made Raytheon responsible for connecting e-borders to these stakeholders’ systems, under the Department’s strategic direction. But carriers and agencies expressed general concerns about the costs and other implications of revising their systems to connect to e-borders, including the interfaces they were expected to use.

“The contract strongly incentivised Raytheon to deliver the roll-out to the agreed schedules but provided less incentive for Raytheon to offer a wider choice of interfaces…Lack of clarity on what was legal under European law further exacerbated the difficult relationships with carriers. These difficulties affected progress in rolling out e-borders from the outset…

“Following the cancellation of the e-borders contract in 2010, the Department [Home Office] took more direct ownership of external relationships instead of working through Raytheon. Transport carriers told us there is now a better understanding of needs and requirements between themselves and the Department.”

The NHS National Programme for IT [NPfIT] was another similar failure, in part because of overly ambitious plans for “integration” – on a scale that could never be imposed on a diverse range of largely autonomous NHS organisations. Some hospitals and GPs did not want a national system that did less than their existing systems. Why would they want to replace their own proven IT with cruder standardised systems for the sake of the common good?

More recently the GP support services contract with Capita has run into serious problems largely because of an overly ambitious objective of replacing fragmented ways of working with a national “common good” system.

A Capita spokesperson said of the new system: ‘NHS England asked Capita to transform what was a locally agreed, fragmented primary care support service, to a national standardised system.”

It’s naïve for politicians and senior public servants to view integration as a public benefit without questioning its necessity in the light of the huge risks.

[Mao Tsedong saw the Great Leap Forward as a public benefit. It was a costly catastrophe, in human and financial terms. ]

Disputes over whether proposals would meet actual needs?

It appears that i6 officials found Accenture’s solutions unconvincing; but it’s likely Accenture found that requirements were growing and shifting, leading to disagreements over varying interpretations of different parts of the contract. Accenture could not compel cooperation by various forces even it wanted to.

It may work elsewhere – but that doesn’t mean it’ll work for you.

This is one of the oldest lessons from countless disaster in the history of the IT industry. It was listed as a key factor in some of the world’s biggest IT disasters in “Crash”.

The business case for i6 says:

“The [Accenture] solution is based on a system delivered to 80,000 officers in the Guardia Civil, Spain’s national police force.

“The procured solution includes software components, software licences, specialist hardware, integration tools and services, business change activities, implementation services, reporting capabilities, data management activities, ongoing support, optional managed service arrangements, additional integration services and other relevant services necessary for the successful implementation of the solution.”

Is it wise to promise huge savings many times greater than projected costs?

Clearly i6 is a political scheme. It’s easy in the public sector to declare at the outset any amount of anticipated savings when it’s clear to everyone that the actual audited savings – or losses – will probably never be announced.

Initial costs were put at £12m, but later revisions put the cost nearer to £46m. More recently costs of £60m have been reported. In 2013, cashable savings to be made by developing i6 were said to be over £61m, with the total cashable and non-cashable savings estimated to be £218m over ten years.

That said, the police appear to have paid over relatively small sums to Accenture, not tens of millions of pounds.

Lessons from past failures have been learned – really?

The Scottish Police Authority gave an unequivocal assurance to its members in June 2013 that i6 will “not suffer the same fate as other high profile large scale IT projects”. This is what the Authority said to its members,

“Delivery Assurance – SPA [Scottish Police Authority] members have sought and been provided with significant assurance that the i6 programme will deliver the intended outcomes and not suffer the same fate as other high profile large scale IT projects.

“The robustness and diligent detail that has gone into the full business case itself provides much of that assurance. Further delivery confidence around i6 comes from a number of sources including:
1. Rigorous Programme Governance.
2. Widespread User Engagement and Robust Requirements Gathering.
3. The creation of a ‘live’ multi-sector i6 Learning Network.
4. The formation of strategic partnership groups.
5. Alignment to the wider Scottish Government Digital Strategy.
6. Active learning from the Audit Scotland Review of Public Sector IT Projects and the Common Performance Management Project (‘Platform’).
7. Significant time and investment in the use of Competitive Dialogue.
8. The formation of a strong and consistent programme team with integrated professional advice & support.
9. Exposure to the full independent OGC Gateway Review Process.
10. An independent Scottish Government Technical Assurance Review.

A growing list of changes.

In February 2016 Accenture said, “This is a very complex project. The complexity of the solution, which has been driven by the client, has increased significantly over the last two years.”

This suggests the scope and specification grew as the many different stakeholders gradually formed a view of what they wanted.

Criticism of the supplier, as if it were the only party responsible or delivering the system.

Police Scotland told members of the Scottish Parliament in February 2016 that Accenture has let the police down.

One question auditors may ask is whether it would have been better for local policing divisions to keep control of their own IT.

Internal reviews too soft, too reassuring?

A technical assurance review in June 2013 gave the i6 project an “amber/green” status.

A secret settlement leaves taxpayers having no clue of how much money has gone down the drain.

The Scottish Police Authority says the settlement is confidential. “The terms of the agreement are commercially confidential. However we can confirm that the settlement results in no financial detriment to the police budget.”

The current police budget may not be affected but how much has already been paid and how much of this is wasted? If no figures are ever given, how can there be proper accountability that could deter a new set of officials making similar mistakes in a future project?

Doomsday Register?

If the public sector kept a published “Doomsday” register of failed projects and programmes and the mistakes made in them, as identified by auditors, the same mistakes would be less likely to be repeated.

Perhaps i6 could be the first entry into a new Doomsday register.

The future’s looking bright (?).

When a project is cancelled, it’s almost inevitable that the consequences will be declared to be minimal; and we’re all left wondering why the project was needed in the first place if the future is so rosy.

Half the story

As things stand,  when a council, police, NHS, or Whitehall project fails and millions of pounds, sometimes tens of millions, even billions, are lost, there’s no incentive for anyone but taxpayers to care – and even then they don’t know half the story.

In the case of i6, once the settlement with Accenture is finalised – with hardly anyone knowing the details – officialdom is free to embark on a similar project in a few years time, with different people involved, and describing it in a different way.

Who cares when the public sector has another IT disaster that follows an age-old script?

**

Project summary

The i6 project was introduced to merge more than 130 different computer and paper systems left in place after eight regional forces were merged to form Police Scotland.

Police Scotland told MSPs in February that they were looking at contingency options because they could not solve scores of faults that had emerged during testing.

Officers involved in the tests said at one point they had found 12 critical errors that made it unusable, and a total of 76 defects that required further work.

Accenture said in February that i6 passed its internal testing but flaws emerged when Police Scotland tested the programme.

**

The Guardian reports on another IT-enabled project problems in Scotland.

“Scottish ministers have already been forced to seek an extension from the European commission after its new £178m farming payments system had to be dramatically scaled back and failed to meet an EU deadline.

“There have been significant delays and cost rises too in a new call-handling and IT system for NHS Scotland’s telephone advice service, NHS 24, which has not yet become operational. Its budget has risen by 55% to nearly £118m, and it is four years late.”

Scottish Police Authority and Accenture terminate i6 contract – Government Computing

 

 

Aspire: eight lessons from the UK’s biggest IT contract

By Tony Collins

How do you quit a £10bn IT contract in which suppliers have become limbs of your organisation?

Thanks to reports by the National Audit Office, the questioning of HMRC civil servants by the Public Accounts Committee, answers to FOI requests, and job adverts for senior HMRC posts, it’s possible to gain a rare insight into some of the sensitive commercial matters that are usually hidden when the end of a huge IT contract draws closer.

Partly because of the footnotes, the latest National Audit Office memorandum on Aspire (June 2016) has insights that make it one of the most incisive reports it has produced on the department’s IT in more than 30 years.

Soaring costs?

Aspire is the government’s biggest IT-related contract. Inland Revenue, as it was then, signed a 10-year outsourcing deal with HP (then EDS) in 1994, and transferred about 2,000 civil servants to the company. The deal was expected to cost £2bn over 10 years.

After Customs and Excise, with its Fujitsu VME-based IT estate, was merged with Inland Revenue’s in 2005, the cost of the total outsourcing deal with HP rose to about £3bn.

In 2004 most of the IT staff and HMRC’s assets transferred to Capgemini under a contract known as Aspire – Acquiring Strategic Partners for Inland Revenue. Aspire’s main subcontractors were Accenture and Fujitsu.

In subsequent years the cost of the 10-year Aspire contract shot up from about £3bn to about £8bn, yielding combined profits to Capgemini and Fujitsu of £1.2bn – more than double the £500m originally modelled. The profit margin was 15.8% compared to 12.3% originally modelled.

The National Audit Office said in a report on Aspire in 2014 that HMRC had not handled costs well. The NAO now estimates the cost of the extended (13-year) Aspire contract from 2004 to 2017 to be about £10bn.

Between April 2006 and March 2014, Aspire accounted for about 84% of HMRC’s total spending on technology.

Servers that typically cost £30,000 a year to run under Aspire – and there are about 4,000 servers at HMRC today – cost between £6,000 when run internally or as low as £4,000 a year in the commodity market.

How could the Aspire spend continue – and without a modernisation of the IT estate?

A good service

HMRC has been generally pleased with the quality of service from Aspire’s suppliers.  Major systems have run with reducing amounts of downtime, and Capgemini has helped to build many new systems.

Where things have gone wrong, HMRC appears to have been as much to blame as the suppliers, partly because development work was hit routinely by a plethora of changes to the agreed specifications.

Arguably the two biggest problems with Aspire have been cost and lack of control.  In the 10 years between 2004 and 2014 HMRC paid an average of £813m a year to Aspire’s suppliers.  And it paid above market rates, according to the National Audit Office.

By the time the Cabinet Office’s Efficiency and Reform Group announced in 2014 that it was seeking to outlaw “bloated and wasteful” contracts, especially ones over £100m, HMRC had already taken steps to end Aspire.

It decided to break up its IT systems into chunks it could manage, control and, to some extent, commoditise.

HMRC’s senior managers expected an end to Aspire by 2017. But unexpected events at the Department for Work and Pensions put paid to HMRC’s plan …

Eight lessons from Aspire

1. Your IT may not be transformed by outsourcing.  That may be the intention at the outset. But it didn’t happen when Somerset County Council outsourced IT to IBM in 2007 and it hasn’t happened in the 12 years of the Aspire contract.

 “The Aspire contract has provided stable but expensive IT systems. The contract has contributed to HMRC’s technology becoming out of date,” said the National Audit Office in its June 2016 memorandum.

Mark DearnleyAnd Mark Dearnley, HMRC’s Chief Digital Information Officer and main board member, told the Public Accounts Committee last week,

“Some of the technology we use is definitely past its best-before date.”

2. You won’t realise how little you understand your outsourced IT until you look at ending a long-term deal.

Confidently and openly answering a series of trenchant questions from MP Richard Bacon at last week’s Public Accounts Committee hearing, Dearnley said,

“It’s inevitable in any large black box outsourcing deal that there are details when you get right into it that you don’t know what’s going on. So yes, that’s what we’re learning.”

3. Suppliers may seem almost philanthropic in the run-up to a large outsourcing deal because they accept losses in the early part of a contract and make up for them in later years.

Dearnley said,

“What we are finding is that it [the break-up of Aspire] is forcing us to have much cleaner commercial conversations, not getting into some of the traditional arrangements.

” If I go away from Aspire and talk about the typical outsourcing industry of the last ten years most contracts lost money in their first few years for the supplier, and the supplier relied on making money in the later years of the contract.

“What that tended to mean was that as time moved on and you wanted to change the contract the supplier was not particularly incented to want to change it because they wanted to make their money at the end.

“What we’re focusing on is making sure the deals are clean, simple, really easy to understand, and don’t mortgage the future and that we can change as the environment evolves and the world changes.”

4. If you want deeper-than-expected costs in the later years of the contract, expect suppliers to make up the money in contract extensions.

Aspire was due originally to end in 2004. Then it went to 2017 after suppliers negotiated a three-year extension in 2007. Now completion of the exit is not planned until 2020, though some services have already been insourced and more will be over the next four years.

The National Audit Office’s June 2016 memorandum reveals how the contract extension from 2017 to 2020 came about.

HMRC had a non-binding agreement with Capgemini to exit from all Aspire services by June 2017. But HMRC had little choice but to soften this approach when Capgemini’s negotiating position was unexpectedly strengthened by IT deals being struck by other departments, particularly the Department for Work and Pensions.

Cabinet Office “red lines” said that government would not extend existing contracts without a compelling case. But the DWP found that instead of being able to exit a large hosting contract with HP in February 2015 it would have to consider a variation to the contract to enable a controlled disaggregation of services from February 2015 to February 2018.

When the DWP announced it was planning to extend its IT contract with its prime supplier HP Enterprise, HMRC was already in the process of agreeing with Capgemini the contract changes necessary to formalise their agreement to exit the Aspire deal in 2017.

“Capgemini considered that this extension, combined with other public bodies planning to extend their IT contracts, meant that the government had changed its position on extensions…

“Capgemini therefore pushed for contract extensions for some Aspire services as a condition of agreeing to other services being transferred to HMRC before the end of the Aspire contract,” said the NAO’s June 2016 memo.

5. It’s naïve to expect a large IT contract to transfer risks to the supplier (s).

At last week’s Public Accounts Committee hearing, Richard Bacon wanted to know if HMRC was taking on more risk by replacing the Aspire contract with a mixture of insourced IT and smaller commoditised contracts of no more than three years. Asked by Bacon whether HMRC is taking on more risk Dearnley replied,

“Yes and no – the risk was always ours. We had some of it backed of it backed off in contract. You can debate just how valuable contract backing off is relative to £500bn (the annual amount of tax collected).  We will never back all of that off. We are much closer and much more on top of the service, the delivery, the projects and the ownership (in the gradual replacement of Aspire).”

6. Few organisations seeking to end monolithic outsourcing deals will have the transition overseen by someone as clear-sighted as Mark Dearnley.

His plain speaking appeared to impress even the chairman of the Public Accounts Committee Meg Hillier who asked him at the end of last week’s hearing,

Meg Hillier

Meg Hillier

“And what are your plans? One of the problems we often see in this Committee is people in very senior positions such as yours moving on very quickly. You have had a stellar career in the private sector…

“We hope that those negotiations move apace, because I suspect – and it is perhaps unfair to ask Mr Dearnley to comment – that to lose someone senior at this point would not be good news, given the challenges outlined in the [NAO] Report,” asked Hillier.

Dearnley then gave a slightly embarrassed look to Jon Thomson, HMRC’s chief executive and first permanent secretary. Dearnley replied,

“Jon and I are looking at each other because you are right. Technically my contract finishes at the end of September because I was here for three years. As Jon has just arrived, it is a conversation we have just begun.”

Hiller said,

“I would hope that you are going to have that conversation.”

Richard Bacon added,

“Get your skates on, Mr Thompson; we want to keep him.”

Thompson said,

“We all share the same aspiration. We are in negotiations.”

7. Be prepared to set aside millions of pounds – in addition to the normal costs of the outsourcing – on exiting.

HMRC is setting aside a gigantic sum – £700m. Around a quarter of this, said the National Audit Office, is accounted for by optimism bias. The estimates also include costs that HMRC will only incur if certain risks materialise.

In particular, HMRC has allowed around £100m for the costs of transferring data from servers currently managed by Aspire suppliers to providers that will make use of cloud computing technology. This cost will only be incurred if a second HMRC programme – which focuses on how HMRC exploits cloud technology – is unsuccessful.

Other costs of the so-called Columbus programme to replace Aspire include the cost of buying back assets, plus staff, consultancy and legal costs.

8. Projected savings from quitting a large contract could dwarf the exit costs.

HMRC has estimated the possible minimum and possible maximum savings from replacing Aspire. Even the minimum estimated savings would more than justify the organisational time involved and the challenge of building up new corporate cultures and skills in-house while keeping new and existing services running smoothly.

By replacing Aspire and improving the way IT services are organised and delivered, HMRC expects to save – each year – about £200m net, after taking into account the possible exit costs of £700m.

The National Audit Office said most of the savings are calculated on the basis of removing supplier profit margins and overheads on services being brought in-house, and reducing margins on other services from contract changes.

Even if the savings don’t materialise as expected and costs equal savings the benefits of exiting are clear. The alternative is allowing costs to continue to soar while you allow the future of your IT to be determined by what your major suppliers can or will do within reasonable cost limits.

Comment

HMRC is leading the way for other government departments, councils, the police and other public bodies.

Dearnley’s approach of breaking IT into smaller manageable chunks that can be managed, controlled, optimised and to some extent commoditised is impressive.  On the cloud alone he is setting up an internal team of 50.

In the past, IT empires were built and retained by senior officials arguing that their systems were unique – too bespoke and complex to be broken up and treated as a commodity to be put into the cloud.

Dearnley’s evidence to the Public Accounts Committee exposes pompous justifications for the status quo as Sir Humphrey-speak.

Both Richard Feynman and Einstein said something to the effect that the more you understand a subject, the simpler you can explain it.

What Dearnley doesn’t yet understand about the HMRC systems that are still run by Capgemini he will doubtless find out about – provided his contract is renewed before September this year.

No doubt HMRC will continue to have its Parliamentary and other critics who will say that the risks of breaking up HMRC’s proven IT systems are a step too far. But the risks to the public purse of keeping the IT largely as it is are, arguably, much greater.

The Department for Work and Pensions has proved that it’s possible to innovate with the so-called digital solution for Universal Credit, without risking payments to vulnerable people.

If the agile approach to Universal Credit fails, existing benefit systems will continue, or a much more expensive waterfall development by the DWP’s major suppliers will probably be used instead.

It is possible to innovate cheaply without endangering existing tax collection and benefit systems.

Imagine the billions that could be saved if every central government department had a Dearnley on the board. HMRC has had decades of largely negative National Audit Office reports on its IT.  Is that about to change?

Update:

This morning (22 June 2016) on LinkedIn, management troubleshooter and board adviser Colin Beveridge wrote,

“Good analysis of Aspire and outsourcing challenges. I have seen too many business cases in my career, be they a case for outsourcing, provider transition or insourcing.

“The common factor in all the proposals has been the absence of strategy end of life costs. In other words, the eventual transition costs that will be incurred when the sourcing strategy itself goes end of life. Such costs are never reflected in the original business case, even though their inevitability will have an important impact on the overall integrity of the sourcing strategy business case.

“My rule of thumb is to look for the end of strategy provision in the business case, prior to transition approval. If there is no provision for the eventual sourcing strategy change, then expect to pay dearly in the end.”

June 2016 memorandum on Aspire – National Audit Office

Dearney’s evidence to the Public Accounts Committee

Judge orders FOI release of Universal Credit IT reports

By Tony Collins

universal creditA judge has ordered the Department for Work and Pensions to release three Universal Credit IT reports that ministers and their officials have spent public money trying to keep out of the public domain.

Judge Chris Ryan and his FOI tribunal panel went further: they concluded that had the reports in question been disclosed at the time they might have corrected misleading government statements about the robust state of the Universal Credit programme.

In their ruling this week the tribunal said that disclosure of the documents,

“might have corrected a false impression, derived from official government statements by revealing the very considerable difficulties that were beginning to develop around the time when the information requests were submitted.”

Two director-level officials at the Department for Work and Pensions had argued that civil servants needed a “safe space” in the reports in question to be candid in their assessments of risks and problems.

But the FOI tribunal, whose members have project management experience, concluded that it’s in the self interest of officials to be candid and professional about problems and risks rather than be associated with a failed project.

In addition, officials would not wish to be held partly responsible in a later review, such as one carried out by the National Audit Office, for having “failed to draw colleagues’ attention to problems with sufficient clarity to ensure that they were addressed effectively and in good time”.

Civil servants had an “awareness of the importance of candour in support of good decision-making and their professional obligation to assist that process”.

The tribunal said the three reports in question should have been  disclosed at the time they were requested in 2012. It directed the DWP to disclose them.

If the DWP’s barrister can identify good reasons why the tribunal might have made an error, or errors, in law, he can appeal within 28 days, though a tribunal could reject his appeal . The DWP could then appeal this decision.

This cycle of appeals that has already happened once – or the DWP could now decide that it has spent enough public money on fighting the case and release the reports.

dwpDid the DWP mislead?

The reports are expected to throw light on the problems and risks of Universal Credit IT at  a time when DWP’s officials, secretary of state Iain Duncan Smith and his ministers, were giving assurances that all was well with the programme.

An FOI tribunal ordered the reports to be released in 2014 but various DWP appeals led to a re-hearing of the case last month (22 February 2016) at Leicester Magistrates Court.

Now Judge Ryan and two other FOI tribunal panel members have ordered that the DWP release a risk register, issues register and Major Projects Authority project assessment review.

The risk register described risks, the possible impact should they occur, the probability of their occurring, a risk score, a traffic light status, a summary of the planned response if a risk materialised, and a summary of the risk mitigation.

The issues register included a list of problems, the dates they were identified, the mitigating steps required and the dates for review and resolution.

The project assessment review gave a high-level strategic view of the state of UC, its problems, risks and how well or badly it was being managed.

The DWP argued that routine disclosure of such reports could lead to sensationalist headlines that would have a “chilling effect”.  Not wanting to give food to a hostile media, officials writing or contributing to such reports could make them anodyne.

dwpDWP fears “over-stated”

But Judge Ryan said the DWP had “over-stated” its fears. The tribunal suggested that the DWP had not been entirely truthful about the Universal Credit programme.

“We do not accept the Department’s submission that the management of the Universal Credit Programme is already exposed to sufficient public scrutiny and that this dilutes the strength of the arguments in favour of disclosure. On the particular facts of this case it is clear that the true story about the troubles which the Programme team faced only came to light a long time after the event and then showed a markedly different picture than had been portrayed by government statements issued at the time.”

This difference between reality on the UC programme and government statements was a good reason in favour of the disclosure of the reports, said the judge.

Closed session

The DWP’s witness Cath Hamp, a senior DWP official, went into closed session at the latest hearing to argue that her concerns about civil servant behaviour would be more clearly shown by reference to specific items in the withheld documents.

Her closed-session arguments related to the risk of fraud and hacking into the system, relations with commercial organisations, and relations with local government. The tribunal was not convinced by her arguments.

Neither was the panel convinced by the “chilling effect” arguments.

“The evidence on the likelihood of civil servants altering their behaviour in future with regard to their contributions to the preparation of a risk or issues register or to the conduct of a project review was, as Ms Hamp fairly conceded, speculative…”

FOI a benefit more than a “burden”?

The DWP argued that disclosures of the reports would have placed a burden on DWP’s Universal Credit programme executives. They would have been forced to divert their energies and time into correcting media reports about the seriousness of problems and risks. But the tribunal concluded,

“Nor do we accept that resources would be wasted in providing explanations. It is clear from the press releases that we have been shown that the Department has been adept at presenting its case to the public and that it clearly has the specialist staff to carry out that function.”

The tribunal suggested that FOI obligations, rather than cause harm as the DWP had suggested, would be a benefit. The FOI Act had “brought with it an obligation on government to explain itself to a greater extent than had previously been found necessary”.

The tribunal rejected the DWP’s argument that it faced a hostile media which made officials defensive.

“… the evidence before us suggests that, on this issue, the media has adopted a relatively balanced approach to information about the Programme that has come into its possession.”

The judge said that in any event it is a

“perfectly appropriate performance of the media’s role in a modern democracy for it to investigate and comment on the implementation of a major reform involving large sums of public money and a potentially crucial impact on the lives of some of the least fortunate members of society”.

He added: “We do not therefore accept the Department’s submissions on the likelihood of the public misunderstanding the disputed information, or being misled as to its significance by the media”

In its final paragraph the tribunal said,

“… we have concluded that the public interest in maintaining the exemption in respect of each of the withheld documents does not outweigh the public interest in disclosure and that they should therefore have been disclosed when requested. Our decision is unanimous.”

Comment

My thanks to IT projects professional John Slater who has been the main force behind the case in favour of disclosure of the reports.

He made the original request in 2012 for the reports to be published. I requested one of them. He went to the original First Tier Tribunal and to Leicester Magistrates Court last month to cross examine the DWP’s witness. The points he made were quoted by the tribunal in its submission.

It’s campaigners like John Slater (and Dave Orr) who have helped to make FOI legislation more effective than it would otherwise have been.

If the DWP continues to pour money into fighting the disclosure of the reports in question, it will confirm to some of us that, when it comes to its own interest, that is its interest as a bureaucracy,  it may not be a fit authority to manage the spending of public money.

I hope it will release the reports now. It is time it started distinguishing between the public interest and its own.

Universal Credit FOI tribunal ruling – March 2016:  077 110316 Final Open Decision

FOI hearing today on DWP’s refusal to publish Universal Credit reports

By Tony Collins

External lawyers acting for the Department for Work and Pensions are due to appear before an FOI Upper Tribunal judge in London today to argue why four reports on Universal Credit should not be published.

It’s the latest step in a costly legal battle that has lasted two years so far.

A first-tier FOI tribunal judge in 2014 ordered the four reports to be published. The DWP asked for permission to appeal that decision and lost its case.  The DWP then asked an Upper Tribunal for permission to appeal and lost that case as well.

Then it asked a different Upper Tribunal judge for permission to appeal .  As a result, a 1 day hearing is taking place today.

The case takes in evidence from the DWP, the Information Commissioner, John Slater who requested 3 of the reports in question and me. Slater requested in 2012 a Universal Credit risks register, milestone schedule and issues register (which set out problems that had materialised with the Universal Credit programme).  I requested a project assessment review carried out in 2011 on the Universal Credit programme by the Cabinet Office’s Major Projects Authority.

The DWP has refused to publish the four reports – and millions of pounds worth of other similar reports.

Today the DWP will argue that the judge in an earlier Upper FOI Tribunal did not fully consider the “chilling effect” that disclosure of the reports would have on the behaviours of civil servants or consultants who helped to write the reports in question.

In essence the DWP’s lawyers are asking the judge to accept the arguments put forward against disclosure by Sarah Cox, the DWP’s main witness in the case. Cox is a former programme assurance director for Universal Credit.

Cox submitted 49 pages of evidence – plus secret evidence during a closed hearing – on why the UC reports should not be published.  She said that civil servants must be able to think the unthinkable and record the outcome of these thoughts without hesitation or fear of disclosure.

If contributors feared the reports would be routinely disclosed the documents could become “bland records” prepared with half an eye to how they would be received in the public domain.

She said the danger of damage to the public interest cannot be overstated.

Disclosure could adversely affect management of the Universal Credit programme – and “failure of proper programme management may be catastrophic”.

Emphasising the importance of effective management of risk, she referred to the banking system prior to the credit crunch and the stability of the Bank of England in that period.

“Inappropriate or premature disclosure of the information in the risk registers or the issues registers could lead to those failures occurring in government risk management with broader parallels for other project management tools.”

She then referred to “disaster myopia” – a phenomenon she said was well established in cognitive psychology.  It referred to “an underestimation of the likelihood of low frequency but high risk damage risks”.

She added: “This can result in a lack of appropriate mitigating actions, increasing the likelihood of the risk becoming an issue. In this case fear of disclosure and misinterpretation can exacerbate this myopia, leading to the toning down of the direct and forceful language used to describe risks, or worse, risks not being identified at all”.

If civil servants or consultants writing reports on projects were to downplay the risks because of a fear of disclosure, problems may be overlooked, solutions not found, or not found promptly. “Such an outcome would be seriously detrimental to the delivery of major projects.”

Cox’s evidence could appear to some to suggest the DWP was preoccupied with its image, and the image of the Universal Credit programme, in the media, and among MPs and the public. She said routine disclosure of such reports as those in question “will distract civil servants from their tasks at a crucial point in the process of programme management.

“Instead of concentrating on implementing the changes, they will be required to address stakeholder, press or wider public concerns which have been provoked by the premature disclosure of material.”

It would be unhelpful if “attention is focused on clarifying positions with stakeholders and addressing the concerns of media, opposition and interest groups in order to correct the often misleading impression created by premature disclosure”.

This issue is “magnified in a programme with as many delivery partners as Universal Credit, covering both central and local government, with implications for all territories in the UK”.

That is because of the “implications of issues for different partners are often slightly different, so that each partner may need to be given a slightly different, and tailored, response”.

This concern should not be understated, she said.

“From my experience of high profile matters which emerge with little warning, I can say that ministers and senior officials are likely to be forced to clear their diaries, cancelling planned meetings, events and other important engagements, to attend rapidly-convened meetings to discuss the handling of the premature disclosure.

“Officials in the relevant policy areas (and lawyers as appropriate) would need to set aside other essential and pressing work to prepare briefings on the likely impact of disclosure and options for next steps. ‘Lines to take’ and a stakeholder and media-handling strategy would need to be discussed, agreed and signed off by ministers.

“Ministers could also be called to respond to urgent questions tabled in Parliament, especially where the disclosure  is made in respect of a high-profile policy area. The media might press for interviews with ministers and/or senior officials, which require careful preparation…”

But, as the Information Commissioner has pointed out, disclosure of the documents under FOI is not the same as a leak to the media.

And the reports in question are now four years old and so massive media interest is unlikely. Any media interest could be managed by DWP press officers without distracting project managers.

Cox said disclosure could harm rather than assist public debate.

“Material that requires civil servants to think the unthinkable, or to consider unusual or highly unlikely events, using intentionally vivid and forceful language, at a single point in time, potentially pre-dating attempts to mitigate the position could easily distort the public perception of the real or likely situation and encourage sensationalist rather than responsible and balanced reporting.”

She said that officials may have to release further information to counteract any misunderstandings (from a misreading of the disclosed reports). But the “world of media” may ignore this further information.

Lawyers for the Information Commissioner, in their submission to today’s hearing, will argue that an earlier tribunal had not found any existence of a “chilling effect” in this case. The tribunal had not been persuaded by what the DWP had said.

The earlier tribunal had not dismissed all of the DWP’s concerns as entirely without merit. It accepted that disclosure of the documents in question “may not be a painless process for the DWP” and that there “may be some prejudice to the conduct of government of one or more of the kinds asserted by the DWP”. The tribunal was simply unpersuaded by the extent of those prejudices.

The Commissioner’s lawyers will say the earlier tribunal gave due weight to the evidence of Ms Cox but it was not obliged to agree with her.

There was no observable chilling effect from disclosures in the past where a chilling effect had been envisaged. The DWP had not provided any evidence that a chilling effect existed.

Indeed a Starting Gate Review on the Universal Credit project had been published (by Campaign4Change) after the DWP refused to release the document under FOI. The DWP had refused to publish the Starting Gate Review because of the chilling effect it would have on the contributors to such reports.

But there was no chilling effect in consequence of publication of the Starting Gate review, say the Information Commissioner’s lawyers.

The incident “illustrates that it is perfectly within the bounds of reason to be sceptical about the DWP’s assertions about the chilling effect and the like,” says the Information Commissioner’s submission to today’s hearing.

On Ms Cox’s point that disclosure of the reports in question would change behaviours of civil servants and consultants compiling the documents, the earlier tribunal had concluded that the public was entitled to expect from senior officials – and no doubt generally gets – a large measure of courage, frankness and independence in their assessments of risk and provision of advice.

The Information  Commissioner’s lawyers will today ask the judge to dismiss the DWP’s appeal.

Comment

The DWP’s evidence suggests that the reports in question today are critical to the effective delivery of Universal Credit. The reality is that excessive secrecy can make bureaucracies complacent and, in the the DWP’s case, somewhat chaotic.

When Campaign4Change asked the DWP under FOI for two Universal Credit reports – an end to end technical review carried out by IBM at a cost of £49,240 and a “delivery model assessment phases one and two” carried by McKinsey and Partners at a cost of £350,000 – the DWP mistakenly denied that the reports existed.

When we provided evidence the reports did exist the DWP said eventually that it had found them.  The DWP said in essence that the documents had been held so securely nobody knew until searching for them that they existed.

So much for the DWP’s argument that such reports are critical to the effective management of major projects.

And when Campaign4Change asked the DWP, under FOI, to supply a project assessment review report on the Universal Credit programme, officials mistakenly supplied an incorrect version of the report (a draft) to an FOI tribunal.  Officials later apologised for their mistake.

National Audit Office reports on Universal Credit do little to portray the DWP as a professional, competent and well-managed organisation.

Which all suggests that excessive secrecy within the DWP has made officials complacent and disorganised.

Continued excessive secrecy within the department could reinforce a suspicion, justified or not, that the department may not be in a strong position to run a programme as large and complex as Universal Credit.