Category Archives: supplier relationships

Record one-day fall in Capita share price – will customers care?

Posted on 30/09/2016 | 3 comments

By Tony Collins

The share price of outsourcing specialist Capita fell 27% yesterday, a record one-day fall for the company. It was down a further 5% this morning (10.30 am, 30 September 2016).

The company said in a regulatory statement yesterday it is taking immediate steps to reduce the cost base in its underperforming businesses, which should benefit its 2017 results.

Some customers may be entitled to ask whether the transformation-based outsourcing services they are buying from Capita will be affected by any of the company’s financial pressures.

In local government Capita has what it calls “transformational partnerships” with Sheffield City Council, Southampton City Council, London Borough of Barnet, Blackburn with Darwen Council, North Tyneside, West Sussex County Council and Oxfordshire County Council.

Capita also has a joint venture agreement with Birmingham City Council, in a partnership that goes by the name of “Service Birmingham”.

Capita’s regulatory announcement yesterday said “our performance in the second half of the year to date has been below  expectations, as a result of a slow-down in specific trading businesses,  one-off costs incurred on the Transport for London (TfL) congestion charging contract and continued delays in client decision making”.

The company’s trading update said,

“Capita is taking immediate steps to reduce the cost base in the underperforming businesses, which should benefit 2017.”

Capita expects that capital expenditure will be lower than last year.

Outsourcing advocates may see the slow-down as temporary problem for Capita – and indeed the company has announced £949m of “major contract wins in the year to date,  including being recently selected by Three as the preferred bidder for a contract to provide customer management services in the UK, which is expected to start in 2017”.

It added, though, that “revenue from new major sales in the second half of this year is likely to be lower than expected, due to continued delays in decision making and lower conversion of our pipeline”.

Other observers of the outsourcing market may wonder whether major suppliers will always have enough margin to transform a customer’s business, including big new investments in ICT, while continuing to run the client’s operations successfully.

In yesterday’s trading update, Capita referred to problems on two contracts, one with Transport for London and another with the Co-op Bank. It said:

“We have experienced delays on the implementation of new IT systems on the  Transport for London (TfL) congestion charging contract.

“As a result, we expect  to incur between £20m and £25m of one-off costs, which will be included in our  underlying results. The systems have now gone live, the contract is performing  well operationally and these costs will not recur next year.

“Furthermore, we  are in a contractual dispute with the Co-op Bank regarding obligations relating  to the transformation of services.  The ongoing mortgage processing being  undertaken by Capita is performing well.  However, there is a risk of  litigation in respect of the transformation.”

Co-op dispute

Capita’s chief executive Andy Parker was reported in The Telegraph as saying there was a “high” risk of litigation with Co-op Bank over its contract to help administer mortgages.

“Everything’s ready to go and the client is refusing to sign off for one reason only – if they sign off, they have to pay us,” he is quoted s saying. “We’re still hitting targets and delivering for this bank.”

The Co-operative Bank, for its part, suggested it is owed money for delays, and denied it has failed to pay. “The bank strongly refutes Capita’s suggestion that they have delivered an element of the transformation programme which the bank has not paid for,” Co-op Bank was quoted as saying. “In addition, there are amounts which the bank regards as owing to it by Capita.”

Co-op added that it continues to “work through” the issues with the programme.

“The bank continues to work through the issues surrounding this transformation programme with Capita. The existing outsourcing of mortgage processing to Capita both for new and existing bank customers continues to operate in a satisfactory manner and the bank is committed to ensuring that this remains the case going forward,” said the Co-op.

Transport for London

On Capita’s TfL congestion charge contract, Andy Parker said,

“The upgrade proved more complex than we anticipated and the penalties ramped up very quickly.”

At Forbes, which has ranked Capita as one of the world’s most innovative companies, a writer and analyst warned (speculatively) of the possibility of “further profit downgrades in the months to come, allied with the possibility of subdued revenues growth in the years ahead.

Analysts say Capita’s prospects may be dented by uncertainties over Brexit.

The concluding paragraph of Capita’s trading update yesterday said,

“We remain confident of the strength of our business model and aim to return the Group to profit growth next year, excluding the benefit from TfL one-off costs  dropping out.”

Capita is a FTSE 100 company. In 1991 when it was floated its turnover was about £25m. Now it’s close to £5bn. It employs 75,000, about 17,000 of them abroad.

Thank you to campaigner Dave Orr for alerting me to Capita’s announcement yesterday.

Capita trading update

 

3 Comments

Posted in Campaign4Change, Capita, legal disputes, outsourcing, project management, supplier relationships

Atos pleased after it’s cleared of “sharp practice”

Posted on 20/09/2016 | 1 comment

By Tony Collins

atos

A Cabinet Office review of the Whitehall contracts of IT services company Atos following a Public Accounts Committee allegation of “sharp practice” has more than  exonerated the supplier.

After looking at 12 Atos government contracts, the Cabinet Office has written to the Public Accounts Committee praising Atos for going beyond its contractual obligations. Where the company has fallen short, it has taken remedial steps.

Rarely are any government statements on an IT supplier replete with praise.

It’s likely the vindication will take some MPs by surprise after failings in a project to gather and collect in one place data from all the various GP practice systems – the so-called General Practice Extraction Service.

Now Atos may in future be a position to use the statement as evidence, when bidding, of its success in delivering government IT services and projects.

Millions written off

In December 2015 the Public Accounts Committee was highly critical of Atos in its report on the extraction service project.

The NHS Information Centre accepted the system from Atos although it didn’t work properly. The Centre also made public announcements at the time on the system’s success.  In fact the system had “fundamental design flaws” and millions of pounds was written off.

The Committee said,

“Very common mistakes from past projects were repeated, such as failing to adopt the right contracting approach, failing to ensure continuity of key staff on the project, and failing to undertake proper testing before accepting the system.

“GPES [General Practice Extraction Service] started some five years later than planned; it is over-budget; and it still does not provide the full service required.

“Atos, supplier for a key part of the system, may have met the letter of its contractual obligations but took advantage of a weak client by taking the client’s money while knowing full well that the whole system had not been properly tested.”

The Committee said that the NHS official who was chief executive of the Information Centre when it accepted the flawed system was “awarded total emoluments of £470,000 for the financial year 2012–2013 including a redundancy payment of £330,000”.

Tests

The Committee found that in its approach to the project, “Atos did not show an appropriate duty of care to the taxpayer”.

“We are not satisfied Atos provided proper professional support to an inexpert client and are very concerned that it appears to have acted solely with its own short term best interests in mind.

“Atos admitted that end-to-end testing should always be undertaken and that it was supposed to have happened in this case. However, NHS IC and Atos agreed a more limited test of the Atos component due to delays in completing other parts of the system.

“The Atos software passed this test, but after NHS IC accepted the system—and to Atos’s professed surprise—the system as a whole was found not to work. Atos claims it fixed the issues relating to its software at its own expense and that the additional £1.9 million it received while doing so was for additional work related to 15 new features.

“We found that Atos’s chief executive, Mr Adrian Gregory—the company’s witness in our enquiry—appeared rather indifferent to the plight of the client; we expect more from those contracting with government and receiving funds from the taxpayer.”

“Sharp practice”

The Committee recommended that the Cabinet Office undertake a “full review of Atos’s relationships as a supplier to the Crown”.

“We expect the Cabinet Office to note carefully this example of sharp practice when determining what obligations a duty of care on contractors should entail and what sanctions would apply when performance falls short.”

The government agreed to have a review.

Findings of Cabinet Office review of Atos contracts

The Cabinet Office found no “examples of behaviour that might be described as sharp commercial practice in the course of this review”.

The review team looked at 12 Atos contracts worth a total of more than £500m a year – 80% of Atos’s work with central government.

 

No: Department Contract Name
1 Department for Work and Pensions (DWP) Personal Independence Payments (PIP)
2 Department for Work and Pensions (DWP) Government Gateway Agreement
3 Department for Work and Pensions (DWP) ICT in support of medical assessments
4 HM Treasury (HMT) National Savings and Investments (NS&I)
5 Ministry of Justice (MOJ) Development, Innovation and Support Contracts (DISC) Infrastructure Services Agreement
6 Ministry of Justice (MOJ) End User Computing Services (EUCS)
7 Nuclear Decommissioning Authority (NDA) Shared Service Alliance
8 Home Office (HO) IND Procurement of Infrastructure Development and Support (IPIDS) Agreement
9 Home Office (HO) Contain Agreement
10 Department of Health (DH) Information Management Services (IMS 3)
11 Ministry of Defence (MOD) Strategic Partner Framework Defence Core Network Services (DCNS01)
12 Driver and Vehicle Standards Agency (DVSA) ICT Managed Services Agreement (IS2003)

Far from finding examples of sharp practice, the review team found “examples to the contrary”. In some of the contracts, Atos was “working at risk” and going “beyond their contractual obligations to act in the client’s interests”.

“Specific examples include expediting change control notices at the client’s request in advance of formal approval, taking financial risk ahead of contract extensions and proactively supporting the redeployment of resource to assist in the avoidance of client cost. On one contract, a notice period for a number of major decommissioning events lapsed and Atos continued to deliver the services flexibly to the client’s requirements until the service could be safely decommissioned.”

Where Atos did not meet monthly performance targets, service penalties were incurred and charged to Atos. “It was evident that when operational performance fell short appropriate sanctions were applied.”

Commitment

The Cabinet Office went on to say that Atos proactively and constructively engaged in the review and provided information as requested, “sometimes over and above their contractual commitments”.

The review team added,

“It is clear that Atos values its relationship as a supplier to the Crown; it has a comprehensive approach to the governance of all the contracts reviewed and the Atos leadership team shows commitment to its customers.

“In response to the PAC [Public Accounts Committee] hearing Atos has undertaken a number of initiatives to address PAC’s concerns.

“The Atos corporate programme ‘Client at the Heart’ aims to deepen the client-focussed culture within the organisation by embedding a set of values and action plans to deliver improved service for each contract they run, including all government contracts.

“In addition, whilst employees have always been recognised for achievement in quantitative and qualitative objectives, financial targets vary but typically account for only a small proportion of total reward packages.

“We see this as evidence that Atos client executives are incentivised to provide the appropriate professional support.”

An Atos spokesman told civilserviceworld that the company was “proud to be a trusted supplier” and had welcomed the review as an opportunity to demonstrate the quality of its services.

“We are pleased that the Cabinet Office has concluded that we deliver the appropriate level of professional support to our government clients,” he said.

Comment

It’s clear that Atos deserves credit for going beyond the call of duty on some contracts. It is also clear that those departmental officials the Cabinet Office spoke to as part of the review were happy with Atos.

What’s not so clear is the extent to which civil servants in general are in a position to know how well their major IT suppliers are performing.

Evidence from National Audit Office reports is that departments may not always have comprehensive, accurate and up-to-date information – and enough staff time – to give sound judgements on how well a major IT supplier is performing on a complex contract.

Indeed the National Audit Office can be scathing about the quality of contract management within departments.

In 2013 the Audit Office, in its report “Universal Credit: early progress” identified a series of astonishing failings that, taken together,  suggested that the DWP had little understanding of what its major IT suppliers were charging for, or why, let alone what their performance was like.

The DWP is the largest central government department – which leaves one to wonder whether some other departments, which have smaller budgets and fewer staff, are better or worse off in terms of understanding their IT contracts.

These were some of the contract management weaknesses at the DWP as identified by the National Audit Office in 2013:

  • Over-reliance on performance information that was provided by suppliers without Department validation.
  • Inadequate controls over what would be supplied, when and at what cost because deliverables were not always defined before contracts were signed.
  • Weak contractual relationships with supplier
  • The Department did not enforce all the key terms and conditions of its standard contract management framework, inhibiting its ability to hold suppliers to account.
  • Limited line of sight on cost of delivery, in particular between expenditure incurred and progress made in delivering outputs.
  • Poorly managed and documented financial governance, including for delegated financial authorities and approvals; for example 94 per cent of spending was approved by just four people but there is limited evidence that this was reviewed and challenged.
  • Limited IT capability and ‘intelligent client’ function leading to a risk of supplier self-review.
  • Insufficient review of contractor performance before making payments – on average six project leads were given three days to check 1,500 individual timesheets, with payments only stopped if a challenge was raised.
  • Ministers had insufficient information to assess the value for money of contracts before approving them.
  • Insufficient challenge of supplier-driven changes in costs and forecasts because the programme team did not fully understand the assumptions driving changes.

The Cabinet Office, in its review of Atos, found “inconsistencies” in departmental compliance with guidelines on contract management. It said,

“Where the evidence suggests that contract management is inconsistent [with National Audit Office guidelines on contract management] the Cabinet Office is discussing improvements with the contract owners in the Departments concerned.”

Praise where praise is due and Atos may well be a good – and perhaps outstanding – IT supplier to central government.

But if departments don’t have enough solid information on how well their major IT suppliers are performing, to what extent is any Cabinet Office statement praising an IT supplier likely to be a hopeful panegyric, based on what officials in departments believe they are expected to say?

Cabinet Office statement on Atos to the Public Accounts Committee – 8 September 2016

Public Accounts Committee report on Atos and the General Practice Extraction Service – December 2015

 

1 Comment

Posted in Atos, Campaign4Change, DWP, excessive secrecy, Government IT, IT security, IT successes, Major Projects Authority, National Audit Office, supplier relationships, Universal Credit

Tagged ,

Excellent reports on lessons from Universal Credit IT project published today – but who’s listening?

Posted on 06/09/2016 | 5 comments

By Tony Collins

“People burst into tears, so relieved were they that they could tell someone what was happening.”

The Institute for Government has today published one of the most incisive – and revelatory – reports ever produced on a big government IT project.

It concludes that the Universal Credit IT programme may now be in recovery after a disastrous start, but recovery does not mean recovered. Much could yet floor the programme, which is due to be complete in 2022.

The Institute’s main report is written by Nick Timmins, a former Financial Times journalist, who has written many articles on failed publicly-funded IT-based projects.

His invaluable report, “Universal Credit – from disaster to recovery?” – includes interviews with David Pitchford, a key figure in the Universal Credit programme, and Howard Shiplee who led the Universal Credit project.

Timmins also spoke to insiders, including DWP directors, who are not named, and the former secretary of state at the Department for Work and Pensions Iain Duncan Smith and the DWP’s welfare reform minster Lord Freud.

Separately the Institute has published a shorter report “Learning the lessons from Universal Credit which picks out from Timmins’ findings five “critical” lessons for future government projects. This report, too, is clear and jargon-free.

Much of the information on the Universal Credit IT programme in the Timmins report is new. It gives insights, for instance, into the positions of Universal Credit’s major suppliers HP, IBM, Accenture.

It also unearths what can be seen, in retrospect, to be a series of self-destructive decisions and manoeuvres by the Department for Work and Pensions.

But the main lessons in the report – such as an institutional and political inability to face up to or hear bad news – are not new, which raises the question of whether any of the lessons will be heeded by future government leaders – ministers and civil servants – given that Whitehall departments have been making the same mistakes, or similar ones, for decades?

DWP culture of suppressing any bad news continues

Indeed, even as the reports lament a lack of honesty over discussing or even mentioning problems – a “culture of denial” – Lord Freud, the minister in charge of welfare reform, is endorsing FOI refusals to publish the latest risk registers, project assessment reviews and other Universal Credit reports kept by the Department for Work and Pensions.

More than once Timmins expresses his surprise at the lack of information about the programme that is in the public domain. In the “acknowledgements” section at the back of his report Timmins says,

“Drafts of this study were read at various stages by many of the interviewees, and there remained disputes not just about interpretation but also, from some of them, about facts.

“Some of that might be resolvable by access to the huge welter of documents around Universal Credit that are not in the public domain. But that, by definition, is not possible at this stage.”

Churn of project leaders continues

Timmins and the Institute warn about the “churn” of project leaders, and the need for stable top jobs.

But even as the Institute’s reports were being finalised HMRC was losing its much respected chief digital officer Mark Dearnley, who has been in charge of what is arguably the department’s riskiest-ever IT-related programme, to transfer of legacy systems to multiple suppliers as part of the dismantling of the £8bn “Aspire” outourcing venture with Capgemini.

Single biggest cause of Universal Credit’s bad start?

Insiders told Timmins that the fraught start of Universal Credit might have been avoided if Terry Moran had been left as a “star” senior responsible owner of the programme. But Moran was given two jobs and ended up having a breakdown.

In January 2011, as the design and build on Universal Credit started, Terry Moran was given the job of senior responsible owner of the project but a few months later the DWP’s permanent secretary Robert Devereux took the “odd” decision to make Moran chief operating officer for the entire department as well. One director within the DWP told Timmins:

“Terry was a star. A real ‘can do’ civil servant. But he couldn’t say no to the twin posts. And the job was overwhelming.”

The director claimed that Iain Duncan Smith told Moran – a point denied by IDS – that if Universal Credit were to fail that would be a personal humiliation and one he was not prepared to contemplate. “That was very different from the usual ministerial joke that ‘failure is not an option’. The underlying message was that ‘I don’t want bad news’, almost in words of one syllable. And this was in a department whose default mode is not to bring bad news to the top. ‘We will handle ministers’ is the way the department operates…”

According to an insider, “Terry Moran being given the two jobs was against Iain’s instructions. Iain repeatedly asked Robert [Devereux] not to do this and Robert repeatedly gave him assurances that this would be okay” – an account IDS confirms. In September 2012, Moran was to have a breakdown that led to early retirement in March 2013. He recorded later for the mental health charity Time to Talk that “eventually, I took on more and more until the weight of my responsibilities and my ability to discharge them just grew too much for me”.

Timmins was told, “You cannot have someone running the biggest operational part of government [paying out £160bn of benefits a year] and devising Universal Credit. That was simply unsustainable,”

Timmins says in his report, “There remains a view among some former and current DWP civil servants that had that not happened (Moran being given two jobs), the programme would not have hit the trouble it did. ‘Had he been left solely with responsibility for UC [Universal Credit], I and others believe he could have delivered it, notwithstanding the huge challenges of the task,’ one says.”

Reviews of Universal IT “failed”

Timmins makes the point that reviews of Universal Credit by the Major Projects Authority failed to convey in clear enough language that the Universal Credit programme was in deep trouble.

“The [Major Projects Authority] report highlighted a lack of sufficient substantive action on the points raised in the March study. It raised ‘high’ levels of concern about much of the programme – ‘high’ being a lower level of concern than ‘critical’. But according to those who have seen the report, it did not yet say in words of one syllable that the programme was in deep trouble.”

Iain Duncan Smith told Timmins that the the Major Projects review process “failed me” by not warning early enough of fundamental problems. It was the ‘red team’ report that did that, he says, and its contents made grim reading when it landed at the end of July in 2012.

Train crash on the way

The MPA [Cabinet Office’s Major Projects Authority] reviewed the programme in March 2011. “MPA reports are not in the public domain. But it is clear that the first of these flagged up a string of issues that needed to be tackled …

” In June a member of the team developing the new government’s pan-government website – gov.uk – was invited up to Warrington [base for the Universal Credit IT team] to give a presentation on how it was using an agile approach to do that.

“At the end of the presentation, according to one insider, a small number from the audience stayed behind, eyeing each other warily, but all wanting to talk. Most of them were freelancers working for the suppliers. ‘Their message,’ the insider says, ‘was that this was a train crash on the way’ – a message that was duly reported back to the Cabinet Office, but not, apparently, to the DWP and IDS.”

Scared to tell the truth

On another occasion when the Major Projects Authority visited the IT team at Warrington for the purposes of its review, the review team members decided that “to get to the truth they had to make people not scared to tell the truth”. So the MPA “did a lot of one-on-one interviews, assuring people that what they said would not be attributable. And under nearly every stone was chaos.

“People burst into tears, so relieved were they that they could tell someone what was happening.

” There was one young lad from one of the suppliers who said: ‘Just don’t put this thing [Universal Credit] online. I am a public servant at heart. It is a complete security disaster.’

IBM, Accenture and HP

“Among those starting to be worried were the major suppliers – Accenture, HP and IBM. They started writing formal letters to the department.

‘Our message,’ according to one supplier, ‘was: ‘Look, this isn’t working. We’ll go on taking your money. But it isn’t going to work’.’ Stephen Brien [then expert adviser to IDS] says of those letters: ‘I don’t think Iain saw them at that time, and I certainly didn’t see them at the time.”

At one point “serious consideration was given to suing the suppliers but they had written their warning letters and it rapidly became clear that that was not an option”.

Howard Shiplee, former head of the project, told Timmins that he had asked himself ‘how it could be that a very large group of clever people drawn from the DWP IT department with deep experience of the development and operation of their own massive IT systems and leading industry IT suppliers had combined to get the entire process so very wrong? Equally, ‘how could another group of clever people [the GDS team] pass such damning judgement on this earlier work and at the stroke of a pen seek to write off millions of pounds of taxpayers’ money?’

Shiplee commissioned a review from PwC on the work carried out to date and discovered that the major suppliers “were genuinely concerned to have their work done properly, support DWP and recover their reputations”.

In addition, when funding had been blocked at the end of 2012, the suppliers “had not simply downed tools but had carried on development work for almost three months” as they ran down the large teams that had been working on it.

“As a result, they had completed the development for single claimants that was being used in the pathfinder and made considerable progress on claims for couples and families. And their work, the PwC evaluation said, was of good quality.”

On time?

When alarm bells finally started ringing around Whitehall that Universal Credit was in trouble,  IDS found himself under siege. Stephen Brien says IDS was having to battle with the Treasury to keep the funding going for the project. He had to demonstrate that the programme was on time and on budget.

‘The department wanted to support him in that, and didn’t tell him all the things that were going wrong. I found out about some of them, but I didn’t push as hard as I should have. And looking back, the MPA [Major Projects Authority] meetings and the MPA reports were all handled with a siege mentality. We all felt we had to stand shoulder to shoulder defending where we were and not really using them to ask: ‘Are we where we should be?’

‘As a result we were not helping ourselves, and we certainly were not helping others, including the MPA. But we did get to the stage between the end of 2011 and the spring of 2012 where we said: ‘Okay, let’s get a red team in with the time and space to do our own challenge.’”

The DWP’s “caste” system

A new IT team was created in Victoria Street, London – away from Warrington but outside the DWP’s Caxton Street headquarters. It started to take a genuinely agile approach to the new system. One of those involved told Timmins:

“It had all been hampered by this caste system in the department where there is a policy elite, then the operational people, and then the technical people below that.

“And you would say to the operational people: ‘Why have you not been screaming that this will never work?’ And they’d say: ‘Well, we’re being handed this piece of sh** and we are just going to have to make it work with workarounds, to deal with the fact that we don’t want people to starve. So we will have to work out our own processes, which the policy people will never see, and we will find a way to make it work.’

Twin-track approach

IBM, HP and Accenture built what’s now known as the “live” system which enabled Universal Credit to get underway, and claims to be made in jobcentres.

It uses, in part, the traditional “waterfall” approach and has cost hundreds of millions of pounds. In contrast there’s a separate in-house “digital” system that has cost less than £10m and is an “agile” project.

A key issue, Shiplee told Timmins, was that the new digital team “would not even discuss the preceding work done by the DWP and its IT suppliers”. The digital team had, he says, “a messiah-like approach that they were going to rebuild everything from scratch”.

Rather than write everything off, Shiplee wanted ideally to marry the “front-end” apps that the GDS/DWP team in Victoria Street was developing with the work already done. But “entrenched attitudes” made that impossible. The only sensible solution, he decided, was a “twin-track” approach.

“The Cabinet Office remained adamant that the DWP should simply switch to the new digital version – which it had now become clear, by late summer, would take far longer to build than they anticipated – telling the DWP that the problem was that using the original software would mean ‘creating a temporary service, and temporary will become permanent’.

“All of which led to the next big decision, which, to date, has been one of the defining ones. In November 2013, a mighty and fraught meeting of ministers and officials was convened. Pretty much everyone was there. The DWP ministers, Francis Maude (Cabinet Office minister), Oliver Letwin who was Cameron’s policy overlord, Sir Jeremy Heywood, the Cabinet Secretary, Sir Bob Kerslake, the head of the home civil service, plus a clutch of DWP officials including Robert Devereux and Howard Shiplee as the senior responsible owner along with Danny Alexander and Treasury representatives.

“The decision was whether to give up on the original build, or run a twin-track approach: in other words, to extend the use of the original build that was by now being used in just over a dozen offices – what became dubbed the ‘live’ service – before the new, and hopefully much more effective, digital approach was finished and on stream.

“It was a tough and far from pleasant meeting that is etched in the memories of those who were there…

“One of those present who favoured the twin-track approach says: There were voices for writing the whole of the original off. But that would have been too much for Robert Devereux [the DWP’s Permanent Secretary] and IDS.

” So the twin-track approach was settled on – writing a lot of the original IT down rather than simply writing it off. That, in fact, has had some advantages even if technically it was probably the wrong decision…

“It has, however, seen parts of the culture change that Universal Credit involves being rolled out into DWP offices as more have adopted Universal Credit, even if the IT still requires big workarounds.

“More and more offices, for example, have been using the new claimant commitment, which is itself an important part of Universal Credit. So it has been possible to train thousands of staff in that, and get more and more claimants used to it, while also providing feedback for the new build.”

Francis Maude was among those who objected to the twin-track approach, according to leaked minutes of the project oversight board at around this time.

Lord Freud told Timmins,

‘Francis was adamant that we should not go with the live system [that is, the original build]. He wanted to kill it. But we, the DWP, did not believe that the digital system would be ready on anything like the timescales they were talking about then …But I knew that if you killed the live system, you killed Universal Credit…”

In the end the twin-track approach was agreed by a majority. But the development of the ‘agile’ digital service was immediately hampered by a spat over how quickly staff from the GDS were to be withdrawn from the project.

Fury over National Audit Office report

In 2013 the National Audit Office published a report Universal Credit – early progress –  that, for the first time, brought details of the problems on the Universal Credit programme into the public domain. Timmins’ report says that IDS and Lord Freud were furious.

“IDS and, to an only slightly lesser extent, Lord Freud were furious about the NAO report; and thus highly defensive.”

IDS tried to present the findings of the National Audit Office as purely historical.

In November 2014, the NAO reported again on Universal Credit. It once more disclosed something that ministers had not announced – that the timetable had again been put back two years (which raises further questions about why Lord Freud continues to refuse FOI requests that would put into the public domain – and inform MPs – about project problems, risks and delays without waiting for an NAO report to be published)..

Danny Alexander “cut through” bureaucracy

During one period, the Treasury approval of cash became particularly acute. Lord Freud told Timmins:

“We faced double approvals. We had approval about any contract variation from the Cabinet Office and then approvals for the money separately from the Treasury.

“The Government Digital Service got impatient because they wanted to make sure that the department had the ability to build internally rather than going out to Accenture and IBM, who (sic) they hate.

“The approvals were ricocheting between the Cabinet Office and the Treasury and when we were trying to do rapid iteration. That was producing huge delays, which were undermining everything. So in the end Danny Alexander [Lib-dem MP who was chief secretary to the Treasury] said: ‘I will clear this on my own authority.’ And that was crucial. Danny cut through all of that.”

Optimism bias

So-called optimism bias – over-optimism – is “such a common cause of failure in both public and private projects that it seems quite remarkable that it needs restating. But it does – endlessly”.

Timmins says the original Universal Credit white paper – written long before the start of the programme – stated that it would involve “an IT development of moderate scale, which the Department for Work and Pensions and its suppliers are confident of handling within budget and timescale”.

David Pitchford told Timmins,

“One of the greatest adages I have been taught and have learnt over the years in terms of major projects is that hope is not a management tool. Hoping it is all going to come out all right doesn’t cut it with something of this magnitude.

“The importance of having a genuine diagnostic machine that creates recommendations that are mandatory just can’t be overstated. It just changes the whole outcome completely. As opposed to obfuscation and optimism bias being the basis of the reporting framework. It goes to a genuine understanding and knowledge of what is going on and what is going wrong.”

Sir Bob Kerslake, who also identified the ‘good news culture’ of the DWP as being a problem, told Timmins,

“All organisations should have that ability to be very tough about what is and isn’t working. The people at the top have rose-tinted specs. They always do. It goes with the territory.

And unless you are prepared to embrace people saying that ‘really, this is in a bad place’… I can think of points where I have done big projects where it was incredibly important that we delivered the unwelcome news of where we were on that project. But it saved me, and saved my career.”

Recovery?

Timmins makes good arguments for his claim that the Universal Credit programme may be in recovery – but not recovered – and that improvements have been made in governance to allow for decisions to be properly questioned.

But there is no evidence the DWP’s “good news” culture has changed. For instance the DWP says that more than 300,000 people are claiming Universal Credit but the figure has not been audited and it’s unclear whether claimants who have come off the benefit and returned to it – perhaps several times – are being double counted.

Timmins points out the many uncertainties that cloud the future of the Universal Credit programme  – how well the IT will work, whether policy changes will hit the programme, whether enough staff will remain in jobcentres, and whether the DWP will have good relations with local authorities that are key to the delivery of Universal Credit but are under their own stresses and strains with resourcing.

There are also concerns about what changes the Scots and Northern Irish may want under their devolved powers, and the risk that any ‘economic shock’ post the referendum pushes up the volume of claimants with which the DWP has to deal.

 Could Universal Credit fail for non-IT reasons?

Timmins says,

“In seeking to drive people to higher earnings and more independence from the benefits system, there will be more intrusion into and control over the lives of people who are in work than under the current benefits system. And there are those who believe that such an approach – sanctioning people who are already working – will prove to be political dynamite.”

The dire consequences of IT-related failure

It is also worth noting that Universal Credit raises the stakes for the DWP in terms of its payment performance, says Timmins.

“If a tax credit or a Jobseeker’s Allowance payment or any of the others in the group of six go awry, claimants are rarely left penniless in the sense that other payments – for example, Housing Benefit in the case of Jobseeker’s Allowance or tax credits, – continue.

“If a Universal Credit payment fails, then all the support from the state, other than Child Benefit or disability benefits not included within Universal Credit, disappears.”

This happened recently in Scotland when an IT failure left hundreds of families penniless. The DWP’s public response was to describe the failure in Scotland as “small-scale”.

Comment

What a report.

It is easy to see how much work has gone into it. Timmins has coupled his own knowledge of IT-related failure with a thorough investigation into what has gone wrong and what lessons can be learned.

That said it may make no difference. The Institute in its “lessons” report uses phrases such as “government needs to make sure…”. But governments change and new administrations have an abundance – usually a superfluity – of confidence and ambition. They regard learning lessons from the past as putting on brakes or “nay saying”. You have to get with the programme, or quit.

Lessons are always the same

There will always be top-level changes within the DWP. Austerity will always be a factor.  The culture of denial of bad news, over-optimism about what can be achieved by when and how easily it can be achieved, over-expectations of internal capability, over-expectation of what suppliers can deliver, embarking on a huge project without clearly or fully understanding what it will involve, not listening diligently to potential users and ridiculously short timescales are all well-known lessons.

So why do new governments keep repeating them?

When Universal Credit’s successor is started in say 2032, the same mistakes will probably be repeated and the Institute for Government, or its successor, will write another similar report on the lessons to be learned.

When Campaign4Change commented in 2013 that Universal Credit would probably not be delivered before 2020 at the earliest, it was an isolated voice. At the time, the DWP press office – and its ministers – were saying the project was on budget and “on time”.

NPfIT

The National Audit Office has highlighted similar lessons to those in the Timmins report, for example in NAO reports on the NPfIT – the NHS IT programme that was the world’s largest non-military IT scheme until it was dismantled in 2011. It was one of the world’s biggest IT disasters – and none of its lessons was learned on the Universal Credit programme.

The NPfIT had an anti-bad news culture. It did not talk enough to end users. It had ludicrous deadlines and ambitions. The politicians in charge kept changing, as did some of programme leaders. There was little if any effective internal or external challenge. By the time it was dismantled the NPfIT had lost billions.

What the Institute for Government could ask now is, with the emasculation of the Government Digital Service and the absence of a powerful Francis Maude figure, what will stop government departments including the DWP making exactly the mistakes the IfG identifies on big future IT-enabled programmes?

In future somebody needs the power to say that unless there is adequate internal and external challenge this programme must STOP – even if this means contradicting a secretary of state or a permanent secretary who have too much personal and emotional equity in the project to allow it to stop. That “somebody” used to be Francis Maude. Now he has no effective replacement.

Victims

It’s also worth noting in the Timmins report that everyone seems to be a victim, including the ministers. But who are perpetrators? Timmins tries to identify them. IDS does not come out the report smelling of roses. His passion for success proved a good and bad thing.

Whether the direction was forwards or backwards IDS  was the fuel that kept Universal Credit going.  On the other hand his passion made it impossible for civil servants to give him bad news – though Timmins raises questions about whether officials would have imparted bad news to any secretary of state, given the DWP’s culture.

Neither does the DWP’s permanent secretary Robert Devereux emerge particularly well from the report.

How it is possible for things to go so badly wrong with there being nobody to blame? The irony is that the only people to have suffered are the genuine innocents – the middle and senior managers who have most contributed to Universal Credit apparent recovery – people like Terry Moran.

Perhaps the Timmins report should be required reading among all involved in future major projects. Competence cannot be made mandatory. An understanding of the common mistakes can.

Thank you to FOI campaigner Dave Orr for alerting me to the Institute’s Universal Credit reports.

Thanks also to IT projects professional John Slater – @AmateurFOI – who has kept me informed of his FOI requests for Universal Credit IT reports that the DWP habitually refuse. 

Update 18.00 6 September 2016

In a tweet today John Slater ( @AmateurFOI ) makes the important point that he asked the DWP and MPA whether either had held a “lessons learned” exercise in the light of the “reset” of the Universal Credit IT programme. The answer was no.

This perhaps reinforces the impression that the DWP is irredeemably complacent, which is not a good position from which to lead major IT projects in future.

Universal Credit – from disaster to recovery?

Learning the lessons from Universal Credit

 

5 Comments

Posted in Accenture, Agile, Campaign4Change, capacity building, Capgemini, change management, consultants, culture, DWP, excessive secrecy, FOI, Freedom of Information, Gateway reviews, GDS, Government digital Service, Government IT, HMRC, HP, IBM, Institute for Government, IT-related failures, Legacy ICT, Major Projects Authority, National Audit Office, npfit, project management, PWC, Real-Time Information, supplier relationships, Universal Credit

Tagged , , , ,

Inside Universal Credit IT – analysis of document the DWP didn’t want published

Posted on 20/07/2016 | 9 comments

dwpBy Tony Collins

Written evidence the Department for Work and Pensions submitted to an FOI tribunal – but did not want published (ever) – reveals that there was an internal “lack of candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

It’s the first authoritative confirmation by the DWP that it has not always been open and honest when dealing with the media on the state of the Universal Credit IT programme.

FOI tribunal grants request to publish DWP's written submission

FOI tribunal grants request to publish DWP’s written submission

According to the DWP submission, senior officials on the Programme became so concerned about leaks that a former member of the security services was brought in to lead an investigation. DWP staff and managers were the subjects of “detailed interviews”. Employee emails were “reviewed”, as were employee access rights to shared electronic areas.

Staff became “paranoid” about accidentally leaving information on a printer. Some of the high-security measures appear still to be in place.

Unpublished until now, the DWP’s written legal submission referred, in part, to the effects on employees of leak investigations.

The submission was among the DWP’s written evidence to an FOI Tribunal in February 2016.

The Government Legal Service argued that the DWP’s written evidence was for the purposes of the tribunal only. It should not be published or passed to an MP.

The Legal Service went further: it questioned the right of an FOI Tribunal to decide on whether the submission could be published. Even so a judge has ruled that the DWP’s written evidence to the tribunal can be published.

Excerpts from the submission are here.

Analysis and Comment

The DWP’s submission gives a unique glimpse into day-to-day life and corporate sensitivities at or near the top of the Universal credit IT programme.

It reveals the lengths to which senior officials were willing to go to stop any authoritative “bad news” on the Universal Credit IT programme leaking out. Media speculation DWP’s senior officials do not seem to mind. What appears to concern them is the disclosure of any credible internal information on how things are progressing on Universal Credit IT.

Confidential

Despite multiple requests from IT suppliers, former government CIOs and MPs, for Whitehall to publish its progress reports on big IT-based change programmes (some examples below), all central departments keep them confidential.

That sensitivity has little to do with protecting personal data.

It’s likely that reviews of projects are kept confidential largely because they could otherwise expose incompetence, mistakes, poor decisions, risks that are likely to materialise, large sums that have been wasted or, worst of all, a project that should have been cancelled long ago and possibly re-started, but which has been kept going in its original form because nobody wanted to own up to failure.

Ian watmore front cover How to fix government IROn this last point, former government CIO and permanent secretary Ian Watmore spoke to MPs in 2009 about how to fix government IT. He said,

“An innovative organisation tries a lot of things and sometimes things do not work. I think one of the valid criticisms in the past has been when things have not worked, government has carried on trying to make them work well beyond the point at which they should have been stopped.”

Individual accountability for failure?

Oblivious to MPs’ requests to publish IT progress reports, the DWP routinely refuses FOI requests to publish IT progress reports, even when they are several years old, even though by then officials and ministers involved will probably have moved on. Individual accountability for failure therefore continues to be non-existent.

Knowing this, MPs on two House of Commons select committees, Public Accounts and Work and Pensions, have called for the publication of reports such as “Gateway” reviews.

This campaign for more openness on government IT projects has lasted nearly three decades. And still Whitehall never publishes any contemporaneous progress reports on big IT programmes.

It took an FOI campaigner and IT projects professional John Slater [@AmateurFOI] three years of legal proceedings to persuade the DWP to release some old reports on the Universal Credit IT programme (a risk register, milestone schedule and issues log). And he had the support of the Information Commissioner’s legal team.

universal creditWhen the DWP reluctantly released the 2012 reports in 2016 – and only after an informal request by the then DWP secretary of state Stephen Crabb – pundits were surprised at how prosaic the documents were.

Yet we now know, thanks to the DWP’s submission, the lengths to which officials will go to stop such documents leaking out.

Understandable?

Some at the DWP are likely to see the submission as explaining some of understandable measures any government department would take to protect sensitive information on its largest project, Universal Credit. The DWP is the government largest department. It runs some of the world’s biggest IT systems. It possesses personal information on nearly everyone in Britain. It has to make the protection of its information a top priority.

Others will see the submission as proof that the DWP will do all it can to honour a decades-old Whitehall habit of keeping bad news to itself.

Need for openness

It’s generally accepted that success in running big IT-enabled change programmes requires openness – with staff and managers, and with external organisations and agencies.

IT-based change schemes are about solving problems. An introspective “good news only” culture may help to explain why the DWP has a poor record of managing big and successful IT-based projects and programmes. The last time officials attempted a major modernisation of benefit systems in the 1990s – called Operational Strategy – the costs rose from £713m to £2.6bn and the intended objective of joining up the IT as part of a “whole person” concept, did not happen.

Programme papers“watermarked”

The DWP’s power, mandate and funding come courtesy of the public. So do officials, in return, have the right to keep hidden mistakes and flawed IT strategies that may lead to a poor use – or wastage – of hundreds of millions of pounds, or billions?

The DWP’s submission reveals that recommendations from its assurance reports (low-level reports on the state of the IT programme including risks and problems) were not circulated and a register was kept of who had received them.

Concern over leaks

The submission said that surveys on staff morale ceased after concerns about leaks. IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”. For added security, Universal Credit programme papers were watermarked.

When a former member of the security services was brought in to conduct a leaks investigation, staff and mangers were invited by the DWP’s most senior civil servant to “speak to the independent investigator if they had any information”. This suggests that staff were expected to inform on any suspect colleagues.

People “stopped sharing comments which could be interpreted as criticism of the [Universal Credit IT] Programme,” said the submission. “People became suspicious of their colleagues – even those they worked closely with.

“There was a lack of trust and people were very careful about being honest with their colleagues…

“People felt they could no longer share things with colleagues that might have an honest assessment of difficulties or any negative criticism – many staff believed the official line was, ‘everything is fine’.

“People, even now, struggle to trust colleagues with sensitive information and are still fearful that anything that is sent out via email will be misused.

“For all governance meetings, all documents are sent out as password protected, with official security markings included, whether or not they contain sensitive information.”

“Defensive”

dwpLines to take with the media were added to a “Rolling Brief”, an internal update document, that was circulated to senior leaders of the Universal Credit IT programme, the DWP press office and special advisors.

These “lines to take” were a “defensive approach to media requests”. They emphasised the “positive in terms of progress with the Programme without acknowledging the issues identified in the leaked stories”.

This positive approach to briefing and media management “led to a lack of candour and honesty through the Programme and publically …”

How the DWP’s legal submission came about is explained in this separate post.

Were there leaks of particularly sensitive information?

It appears not. The so-called leaks revealed imperfections in the running of the Universal Credit programme; but there was no personal information involved. Officials were concerned about the perceived leak of a Starting Gate Review to the Telegraph (although the DWP had officially lodged the review with the House of Commons library).

The DWP also mentioned in its statement a leak to the Guardian of the results of an internal “Pulse” survey of staff morale – although it’s unclear why the survey wasn’t published officially given its apparent absence of sensitive commercial, personal, corporate or governmental information.

NPfIT

The greater the openness in external communications, the less likely a natural scepticism of new ways of working will manifest in a distrust of the IT programme as a whole.

The NHS’s National Programme for IT (NPfIT) – then the UK’s biggest IT programme costing about £10bn – was dismantled in 2011 after eight fraught years. One reason it was a disaster was the deep distrust of the NPfIT among clinicians, hospital technologists, IT managers, GPs and nurses. They had listened with growing scepticism to Whitehall’s oft-repeated “good news” announcements.

Ex-Government CIO wanted more openness on IT projects

When MPs have asked the DWP why it does not publish reports on the progress of IT-enabled projects, it has cited “commercial confidentiality”.

But in 2009, Ian Watmore (the former Government CIO) said in answer to a question by Public Account Committee MP Richard Bacon that he’d endorse the publication of Gateway reviews, which are independent assessments of the achievements, inadequacies, risks, progress and challenges on risky IT-based programmes.

“I am with you in that I would prefer Gateway reviews to be published because of the experience we had with capability reviews (published reports on a department’s performance). We had the same debate (as with Gateway reviews) and we published them. It caused furore for a few weeks but then it became a normal part of the furniture,” said Watmore.

Capability reviews are no longer published. The only “regular” reports of Whitehall progress with big IT programmes are the Infrastructure and Projects Authority’s annual reports. But these do not include Gateway reviews or other reports on IT projects and programmes. The DWP and other departments publish only their own interpretations of project reviews.

In the DWP’s latest published summary of progress on the Universal Credit IT programme, dated July 2016, the focus is on good news only.

But this creates a mystery. The Infrastructure and Projects Authority gave the Universal Credit programme an “amber” rating in its annual report which was published this month. But neither the DWP nor the Authority has explained why the programme wasn’t rated amber/green or green.

MPs and even IT suppliers want openness on IT projects

Work and Pensions Committee front coverIn 2004 HP, the DWP’s main IT supplier, told a Work and Pensions Committee inquiry entitled “Making IT work for DWP customers” in 2004 that “within sensible commercial parameters, transparency should be maintained to the greatest possible extent on highly complex programmes such as those undertaken by the DWP”.

The Work and Pensions Committee spent seven months investigating IT in the DWP and published a 240-page volume of oral and written in July 2004. On the matter of publishing “Gateway” reviews on the progress or otherwise of big IT projects, the Committee concluded,

“We found it refreshing that major IT suppliers should be content for the [Gateway] reviews to be published. We welcome this approach. It struck us as very odd that of all stakeholders, DWP should be the one which clings most enthusiastically to commercial confidentiality to justify non-disclosure of crucial information, even to Parliament.”

The Committee called for Gateway reviews to be published. That was 12 years ago – and it hasn’t happened.

Four years later the Committee found that the 19 most significant DWP IT projects were over-budget or late.

DWP headline late and over budget

In 2006 the National Audit Office reported on Whitehall’s general lack of openness in a report entitled “Delivering successful IT-enabled business change”.

The report said,

“The Public Accounts Committee has emphasised frequently the need for greater transparency and accountability in departments’ performance in managing their programmes and projects and, in particular, that the result of OGC Gateway Reviews should be published.”

But today, DWP officials seem as preoccupied as ever with concealing bad news on their big IT programmes including Universal Credit.

The costs of concealment

The DWP has had important DWP project successes, notably pension credits, which was listed by the National Audit Office as one of 24 positive case studies.

But the DWP has also wasted tens of millions of pounds on failed IT projects.

Projects with names such as “Camelot” [Computerisation and Mechanisation of Local Office Tasks] and Assist [Analytical Services Statistical Information System) were cancelled with losses of millions of pounds. More recently the DWP has run into problems on several big projects.

“Abysmal”

On 3 November 2014 the then chairman of the Public Accounts Committee Margaret Hodge spoke on Radio 4’s Analysis of the DWP’s ‘abysmal’ management of IT contracts.”

1984

As long ago as 1984, the House of Commons Public Accounts Committee called for the civil service to be more open about its progress on major computer projects.

Today there are questions about whether the Universal Credit IT will succeed. Hundreds of millions has already been spent. Yet, as mentioned earlier, current information on the progress of the DWP’s IT programmes remains a state secret.

It’s possible that progress on the Universal Credit IT programme has been boosted by the irregular (but thorough) scrutiny by the National Audit Office. That said, as soon as NAO reports on Universal Credit are published, ministers and senior officials who have seen copies in advance routinely dismiss any criticisms as retrospective and out-of-date.

Does it matter if the DWP is paranoid about leaks?

A paper published in 2009 looks at how damaging it can be for good government when bureaucracies lack internal challenge and seek to impose on officials a “good news” agenda, where criticism is effectively prohibited.

The paper quoted the then Soviet statesman Mikhail Gorbachev as saying, in a small meeting with leading Soviet intellectuals,

“The restructuring is progressing with great difficulty. We have no opposition party. How then can we control ourselves? Only through criticism and self-criticism. Most important: through glasnost.”

Non-democratic regimes fear a free flow of information because it could threaten political survival. In Russia there was consideration of partial media freedom to give incentives to bureaucrats who would otherwise have no challenge, and no reason to serve the state well, or avoid mistakes.

The Chernobyl nuclear disaster, which occurred on April 26, 1986, was not acknowledged by Soviet officials for two days, and only then after news had spread across the Western media.

The paper argued that a lack of criticism could keep a less democratic government in power. But it can lead to a complacency and incompetence in implementing policy that even a censored media cannot succeed in hiding.

As one observer noted after Chernobyl (Methvin in National Review, Dec. 4, 1987),

“There surely must be days—maybe the morning after Chernobyl—when Gorbachev wishes he could buy a Kremlin equivalent of the Washington Post and find out what is going on in his socialist wonderland.”

Red team

Iain DuncanSmithA lack of reliable information on the state of the Universal Credit IT programme prompted the then secretary of state Iain Duncan Smith to set up his own “red team” review.

That move was not known about at the time. Indeed in December 2012 – at a point when the DWP was issuing public statements on the success of the Universal Credit Programme – the scheme was actually in trouble. The DWP’s legal submission said,

“In summary we concluded (just before Christmas 2012) that the IT system that had been developed for the launch of UC [Universal Credit] had significant problems.”

One wonders whether DWP civil servants kept Duncan Smith in the dark because they themselves had not been fully informed about what was going on, or because they thought the minister was best protected from knowing what was going on, deniability being one key Whitehall objective.

But in the absence of reliable internal information a political leader can lose touch completely, said the paper on press freedom.

“On December 21, 1989, after days of local and seemingly limited unrest in the province of Timi¸ Ceausescu called for a grandiose meeting at the central square of Bucharest, apparently to rally the crowds in support of his leadership. In a stunning development, the meeting degenerated into anarchy, and Ceausescu and his wife had to flee the presidential palace, only to be executed by a firing squad two days later.”

Wrong assumptions

Many times, after the IT media has published articles on big government IT-based project failures, TV and radio journalists have asked to what extent the secretary of state was responsible and why he hadn’t acted to stop millions of pounds being wasted.

But why do broadcast journalists assume ministers control their departments? It is usually more likely that ministers know little about the real risks of failure until it is too late to act decisively.

Lord Bach, a minister at DEFRA, told a House of Commons inquiry in 2007 into the failure of the IT-based Single Payment Scheme that he was aware of the risks but still officials told him that systems would work as planned and farmers would receive payments on time. They didn’t. Chaos ensued.

Said Lord Bach,

“I do think that, at the end of the day, some of the advice that I received from the RPA [Rural Payments Agency] was over-optimistic.”

Lord WhittyAnother DEFRA minister at the time Lord Whitty, who was also party in charge of the Single Payment Scheme, told the same inquiry,

“Perhaps I ought also to say that this was the point at which I felt the advice I was getting was most misleading, and I have used the term ‘misleading’ publicly but I would perhaps prefer to rephrase that in the NAO terms …”

Even the impressive Stephen Crabb – who has now quit as DWP secretary of state – didn’t stand much of chance of challenging his officials. The department’s contracts, IT and other affairs, are so complex and complicated – there are bookcases full of rules and regulations on welfare benefits – that any new ministers soon find themselves overwhelmed with information and complexity.

They will soon realise they are wholly dependent on their officials; and it is the officials who decide what to tell the minister about internal mistakes and bad decisions. Civil servants would argue that ministers cannot be told everything or they would be swamped.

But the paper on press freedom said that in order to induce high effort within a bureacucracy, the leader needs “verifiable information on the bureaucrats’ performance”.

The paper made a fascinating argument that the more complacent the bureaucracy, the more aggressively it would control information. Some oil-rich countries, said the paper, have less media freedom than those with scarcer resources.

“Consistent with our theory, [some] non-democratic countries … have vast resources and poor growth performance, while the Asian tigers (South Korea, Taiwan, Hong Kong, and Singapore), while predominantly non-democratic in the 1970s and 1980s, have high growth rates and scarce natural resource.”

In an apparent opening up of information, the government in China passed a law along the lines of the U.S. Freedom of Information Act (“China Sets Out to Cut Secrecy, but Laws Leave Big Loopholes,” New York Times, Apr. 25, 2007). But was this law self-serving? It, and the launch of local elections, provided the central government with relatively reliable information on the performance of provincial bosses.

These stories from less democratic countries may be relevant in Britain because politicians here, including secretaries of state, seem to be the last to know when a big IT-based programme is becoming a disaster.

Bad news

Whtehall’s preoccupation with “good news only” goes well beyond the DWP.

T auditors Arthur D Little, in a forensic analysis of the delays, cost over-runs and problems on the development of a huge air traffic control IT project for National Air Traffic Services, whose parent was then the Civil Aviation Authority, which was part of the Department for Transport, referred to an “unwillingness to face up to and discuss bad news”.

Ministers helpless to force openness on unwilling officials?

Francis Maude came to the Cabinet Office with a reforming zeal and a sophisticated agenda for forcing through more openness, but the effects of his efforts began to evaporate as soon as he left office. Even when he was at the height of his power and influence, he was unable to persuade civil servants to publish Gateway reviews, although he’d said when in opposition that he intended to publish them.

His negotiations ended with central departments agreeing to publish only the “traffic light” status of big projects – but only after a minimum delay of at least six months. In practice the delay is usually a year or more.

Brexit

Brexit campaigners argue that the EC is undemocratic, that decisions are taken in Brussels in secret by unelected bureaucrats. But the EC is at least subject to the scrutiny, sometimes the competing scrutiny, of 29 countries.

Arguably Whitehall’s departments are also run by unelected bureaucrats who are not subject to any effective scrutiny other than inspections from time to time of the National Audit Office.

Yes Minister parodied Sir Humphrey’s firm grip on what the public should and should not be told. Usually his recommendation was that the information should be misleadingly reassuring. This was close enough to reality to be funny. And yet close enough to reality to be serious as well. It revealed a fundamental flaw in democracy.

Nowhere is that flaw more clearly highlighted than in the DWP’s legal submission. Is it any surprise that the DWP did not want the submission published?

If officials had the choice, would they publish any information that they did not control on any of their IT projects and programmes?

That’s where the indispensable work of the National Audit Office comes into the picture – but it alone, even with the help of the Public Accounts Committee, cannot plug the gaping hole in democracy that the DWP’s submission exposes.

These are some thoughts I am left with after reading the legal submission in the light of the DWP’s record on the management of IT-based projects …

  • Press freedom and the free flow of information cannot be controlled in a liberal democracy. But does Whitehall have its own subtle – and not so subtle – ways and means?
  • In light of the DWP’s track record, the public and the media are entitled to distrust whatever ministers and officials say publicly about their own performance on IT-related programmes, including Universal Credit.
  • More worryingly, would the DWP’s hierarchy care a jot if the media and public didn’t believe what the department said publicly about progress on big projects such as Universal Credit?
  • Is the DWP’s unofficial motto: Better to tell a beautiful lie than an ugly truth?
  • AL Kennedy mentioned the “botched” Universal Credit programme  when she gave a “point of view” on Radio 4 last week. Not referring specifically to Universal Credit she said facts can be massaged but nature can’t be fooled. A girder that won’t hold someone’s weight is likely to fail however many PR-dominated assurance reports have gone before. “Facts are uncompromising and occasionally grim. I wish they weren’t. Avoiding them puts us all at increased risk,” she said.

 Excerpts from the DWP submission

Some Twitter comments on this post:

tweet2

tweet3

tweet

tweet4

9 Comments

Posted in Accenture, Agile, Campaign4Change, change management, China, culture, DEFRA, Department of Health, DWP, excessive secrecy, FOI, Gateway reviews, governance, Government digital Service, Government IT, HP, Institute for Government, IT projects, IT successes, IT-related failures, Legacy ICT, LPfIT, Major Projects Authority, National Audit Office, npfit, private sector lessons for the public sector, project management, public services, supplier relationships, Universal Credit

Tagged , , , , ,

Another public sector IT project disaster – but a useful failure if lessons are disseminated

Posted on 12/07/2016 | 3 comments

By Tony Collins

Comment and analysis

Government Computing reported on 1 July 2016 that the Scottish Police Authority has agreed with Accenture to end their “i6” programme.

It’s a classic public sector IT project disaster. It failed for the usual reasons (see below). What marks it out is the unusual post-failure approach: a limited openness.

Police in Scotland and the Scottish Government plan a review of what went wrong, which is likely to be published.

Usually senior civil and public servants in Whitehall, local government in England and Wales and the NHS rush to shut the blinds when an IT-enabled change project goes awry, which is what has happened recently after failures of the GP Support Services contract with Capita.  [GP magazine Pulse reports that NHS England is to withhold report on primary care support problems until 2017.]

The police in Scotland and the Scottish Parliament are being open but not completely. Their settlement with Accenture remains confidential, but the Scottish Police Authority has published the full business case for i6 and – under FOI – early “Gateway” reviews and “Healthcheck” reports, though with quite a few redactions.

Despite FOI, it’s almost unknown for Whitehall, the NHS or local government in England and Wales, to publish Gateway reviews of big IT projects.

All this means there may be a genuine attempt in Scotland to learn lessons from the failure of the i6 project, and perhaps even let the public sector as a whole benefit from them (if it’s interested),

Due originally to go live last December, and then in the autumn this year, i6 hit problems within months of the start of the contract with Accenture. The contract was signed in June 2013, work started in July and the two sides were reported as being in mediation by August 2013.

Exemplar?

But the programme had followed well-established preparatory routines. One internal report described the procurement approach as an exemplar for the rest of the public sector. Yet it still ended in failure.

In fact i6 followed the classic script of a traditional public sector IT-based project disaster:

  1. An over-ambitious plan for widespread “integration” – which is one of the most dangerous words in the history of public sector IT-enabled change projects. It seemed a great idea at the time: to save vast sums by bringing together in a single system similar things done in different ways by formerly separate organisations.
  2. A variety of early independent reports that highlighted risks and strengths of the programme but didn’t ask the biggest question of all: could a single national system ever work satisfactorily given the amount of organisational change required – changes that would impose on the system design constant modification as end-users discovered new things they wanted and didn’t want that were in the original design – and changes that would require a large team on the police side to have the time to understand the detail and convey it accurately to Accenture.
  3. An assumption that the supplier would be able to deliver an acceptable system within tight deadlines in a fast-changing environment.
  4. Milestones that were missed amid official denials that the project was in disarray.
  5. An agreement to end the contract that was on the basis of a secret settlement, which brought little or no accountability for the failure. Nobody knows how much has been spent on the project in staff and managerial time, hiring of various consultancies, the commissioning of various reports, and money paid over to the supplier.

What are the lessons?

 

The 10-year programme, which was said to cost between £40m and £60m, was ambitious. It was supposed to replace 135 IT-and paper-based systems across Scotland with a single national integrated system that would be rolled out to all Police Scotland divisions.

A “Gateway review” of the project in March 2013 said the project involved the “largest organisagtional change in the history of Scottish policing”.

The released documents have much praise for the police’s preparatory work on the contract with Accenture. Private consultants were involved as the technical design authority. Deloitte was hired for additional support. There were regular “healthcheck” and Gateway reviews.

Too ambitious?

Bringing together dozens of systems and paper-based processes into a new standardised system that’s supposed to work across a variety of business units, requires – before a single new server is installed – agreement over non-IT changes that are difficult in practice to achieve. It’s mainly a business-change project rather than an IT one.

The business case promised “Full interoperability, of processes and technology, at local and national level.” Was that ever really possible?

The disastrous Raytheon/Home Office e-borders project was a similar classic public sector project failure based on “integration”.  Although it was a much bigger project and far more complex than i6, it followed similar principles: a new national system that would replace a  patchwork of different systems and business processes.

Raytheon could not force change on end-users who did not want change in the way Raytheon envisaged. The Home Office wasted hundreds of millions on the project, according to the National Audit Office which said,

“During the period of the e-borders programme the Department made unrealistic assumptions about programme delivery without recognising the importance of managing a diverse range of stakeholders.

“Delivering the e-borders vision requires that more than 600 air, ferry and rail carriers supply data on people they are bringing in and out of the country, while around 30 government agencies supply data on persons of interest.

“During the e-borders period, the contract made Raytheon responsible for connecting e-borders to these stakeholders’ systems, under the Department’s strategic direction. But carriers and agencies expressed general concerns about the costs and other implications of revising their systems to connect to e-borders, including the interfaces they were expected to use.

“The contract strongly incentivised Raytheon to deliver the roll-out to the agreed schedules but provided less incentive for Raytheon to offer a wider choice of interfaces…Lack of clarity on what was legal under European law further exacerbated the difficult relationships with carriers. These difficulties affected progress in rolling out e-borders from the outset…

“Following the cancellation of the e-borders contract in 2010, the Department [Home Office] took more direct ownership of external relationships instead of working through Raytheon. Transport carriers told us there is now a better understanding of needs and requirements between themselves and the Department.”

The NHS National Programme for IT [NPfIT] was another similar failure, in part because of overly ambitious plans for “integration” – on a scale that could never be imposed on a diverse range of largely autonomous NHS organisations. Some hospitals and GPs did not want a national system that did less than their existing systems. Why would they want to replace their own proven IT with cruder standardised systems for the sake of the common good?

More recently the GP support services contract with Capita has run into serious problems largely because of an overly ambitious objective of replacing fragmented ways of working with a national “common good” system.

A Capita spokesperson said of the new system: ‘NHS England asked Capita to transform what was a locally agreed, fragmented primary care support service, to a national standardised system.”

It’s naïve for politicians and senior public servants to view integration as a public benefit without questioning its necessity in the light of the huge risks.

[Mao Tsedong saw the Great Leap Forward as a public benefit. It was a costly catastrophe, in human and financial terms. ]

Disputes over whether proposals would meet actual needs?

It appears that i6 officials found Accenture’s solutions unconvincing; but it’s likely Accenture found that requirements were growing and shifting, leading to disagreements over varying interpretations of different parts of the contract. Accenture could not compel cooperation by various forces even it wanted to.

It may work elsewhere – but that doesn’t mean it’ll work for you.

This is one of the oldest lessons from countless disaster in the history of the IT industry. It was listed as a key factor in some of the world’s biggest IT disasters in “Crash”.

The business case for i6 says:

“The [Accenture] solution is based on a system delivered to 80,000 officers in the Guardia Civil, Spain’s national police force.

“The procured solution includes software components, software licences, specialist hardware, integration tools and services, business change activities, implementation services, reporting capabilities, data management activities, ongoing support, optional managed service arrangements, additional integration services and other relevant services necessary for the successful implementation of the solution.”

Is it wise to promise huge savings many times greater than projected costs?

Clearly i6 is a political scheme. It’s easy in the public sector to declare at the outset any amount of anticipated savings when it’s clear to everyone that the actual audited savings – or losses – will probably never be announced.

Initial costs were put at £12m, but later revisions put the cost nearer to £46m. More recently costs of £60m have been reported. In 2013, cashable savings to be made by developing i6 were said to be over £61m, with the total cashable and non-cashable savings estimated to be £218m over ten years.

That said, the police appear to have paid over relatively small sums to Accenture, not tens of millions of pounds.

Lessons from past failures have been learned – really?

The Scottish Police Authority gave an unequivocal assurance to its members in June 2013 that i6 will “not suffer the same fate as other high profile large scale IT projects”. This is what the Authority said to its members,

“Delivery Assurance – SPA [Scottish Police Authority] members have sought and been provided with significant assurance that the i6 programme will deliver the intended outcomes and not suffer the same fate as other high profile large scale IT projects.

“The robustness and diligent detail that has gone into the full business case itself provides much of that assurance. Further delivery confidence around i6 comes from a number of sources including:
1. Rigorous Programme Governance.
2. Widespread User Engagement and Robust Requirements Gathering.
3. The creation of a ‘live’ multi-sector i6 Learning Network.
4. The formation of strategic partnership groups.
5. Alignment to the wider Scottish Government Digital Strategy.
6. Active learning from the Audit Scotland Review of Public Sector IT Projects and the Common Performance Management Project (‘Platform’).
7. Significant time and investment in the use of Competitive Dialogue.
8. The formation of a strong and consistent programme team with integrated professional advice & support.
9. Exposure to the full independent OGC Gateway Review Process.
10. An independent Scottish Government Technical Assurance Review.

A growing list of changes.

In February 2016 Accenture said, “This is a very complex project. The complexity of the solution, which has been driven by the client, has increased significantly over the last two years.”

This suggests the scope and specification grew as the many different stakeholders gradually formed a view of what they wanted.

Criticism of the supplier, as if it were the only party responsible or delivering the system.

Police Scotland told members of the Scottish Parliament in February 2016 that Accenture has let the police down.

One question auditors may ask is whether it would have been better for local policing divisions to keep control of their own IT.

Internal reviews too soft, too reassuring?

A technical assurance review in June 2013 gave the i6 project an “amber/green” status.

A secret settlement leaves taxpayers having no clue of how much money has gone down the drain.

The Scottish Police Authority says the settlement is confidential. “The terms of the agreement are commercially confidential. However we can confirm that the settlement results in no financial detriment to the police budget.”

The current police budget may not be affected but how much has already been paid and how much of this is wasted? If no figures are ever given, how can there be proper accountability that could deter a new set of officials making similar mistakes in a future project?

Doomsday Register?

If the public sector kept a published “Doomsday” register of failed projects and programmes and the mistakes made in them, as identified by auditors, the same mistakes would be less likely to be repeated.

Perhaps i6 could be the first entry into a new Doomsday register.

The future’s looking bright (?).

When a project is cancelled, it’s almost inevitable that the consequences will be declared to be minimal; and we’re all left wondering why the project was needed in the first place if the future is so rosy.

Half the story

As things stand,  when a council, police, NHS, or Whitehall project fails and millions of pounds, sometimes tens of millions, even billions, are lost, there’s no incentive for anyone but taxpayers to care – and even then they don’t know half the story.

In the case of i6, once the settlement with Accenture is finalised – with hardly anyone knowing the details – officialdom is free to embark on a similar project in a few years time, with different people involved, and describing it in a different way.

Who cares when the public sector has another IT disaster that follows an age-old script?

**

Project summary

The i6 project was introduced to merge more than 130 different computer and paper systems left in place after eight regional forces were merged to form Police Scotland.

Police Scotland told MSPs in February that they were looking at contingency options because they could not solve scores of faults that had emerged during testing.

Officers involved in the tests said at one point they had found 12 critical errors that made it unusable, and a total of 76 defects that required further work.

Accenture said in February that i6 passed its internal testing but flaws emerged when Police Scotland tested the programme.

**

The Guardian reports on another IT-enabled project problems in Scotland.

“Scottish ministers have already been forced to seek an extension from the European commission after its new £178m farming payments system had to be dramatically scaled back and failed to meet an EU deadline.

“There have been significant delays and cost rises too in a new call-handling and IT system for NHS Scotland’s telephone advice service, NHS 24, which has not yet become operational. Its budget has risen by 55% to nearly £118m, and it is four years late.”

Scottish Police Authority and Accenture terminate i6 contract – Government Computing

 

 

3 Comments

Posted in Accenture, Campaign4Change, change management, consultants, excessive secrecy, IT-related failures, Police IT, project management, public services, supplier relationships

Tagged

Aspire: eight lessons from the UK’s biggest IT contract

Posted on 22/06/2016 | 1 comment

By Tony Collins

How do you quit a £10bn IT contract in which suppliers have become limbs of your organisation?

Thanks to reports by the National Audit Office, the questioning of HMRC civil servants by the Public Accounts Committee, answers to FOI requests, and job adverts for senior HMRC posts, it’s possible to gain a rare insight into some of the sensitive commercial matters that are usually hidden when the end of a huge IT contract draws closer.

Partly because of the footnotes, the latest National Audit Office memorandum on Aspire (June 2016) has insights that make it one of the most incisive reports it has produced on the department’s IT in more than 30 years.

Soaring costs?

Aspire is the government’s biggest IT-related contract. Inland Revenue, as it was then, signed a 10-year outsourcing deal with HP (then EDS) in 1994, and transferred about 2,000 civil servants to the company. The deal was expected to cost £2bn over 10 years.

After Customs and Excise, with its Fujitsu VME-based IT estate, was merged with Inland Revenue’s in 2005, the cost of the total outsourcing deal with HP rose to about £3bn.

In 2004 most of the IT staff and HMRC’s assets transferred to Capgemini under a contract known as Aspire – Acquiring Strategic Partners for Inland Revenue. Aspire’s main subcontractors were Accenture and Fujitsu.

In subsequent years the cost of the 10-year Aspire contract shot up from about £3bn to about £8bn, yielding combined profits to Capgemini and Fujitsu of £1.2bn – more than double the £500m originally modelled. The profit margin was 15.8% compared to 12.3% originally modelled.

The National Audit Office said in a report on Aspire in 2014 that HMRC had not handled costs well. The NAO now estimates the cost of the extended (13-year) Aspire contract from 2004 to 2017 to be about £10bn.

Between April 2006 and March 2014, Aspire accounted for about 84% of HMRC’s total spending on technology.

Servers that typically cost £30,000 a year to run under Aspire – and there are about 4,000 servers at HMRC today – cost between £6,000 when run internally or as low as £4,000 a year in the commodity market.

How could the Aspire spend continue – and without a modernisation of the IT estate?

A good service

HMRC has been generally pleased with the quality of service from Aspire’s suppliers.  Major systems have run with reducing amounts of downtime, and Capgemini has helped to build many new systems.

Where things have gone wrong, HMRC appears to have been as much to blame as the suppliers, partly because development work was hit routinely by a plethora of changes to the agreed specifications.

Arguably the two biggest problems with Aspire have been cost and lack of control.  In the 10 years between 2004 and 2014 HMRC paid an average of £813m a year to Aspire’s suppliers.  And it paid above market rates, according to the National Audit Office.

By the time the Cabinet Office’s Efficiency and Reform Group announced in 2014 that it was seeking to outlaw “bloated and wasteful” contracts, especially ones over £100m, HMRC had already taken steps to end Aspire.

It decided to break up its IT systems into chunks it could manage, control and, to some extent, commoditise.

HMRC’s senior managers expected an end to Aspire by 2017. But unexpected events at the Department for Work and Pensions put paid to HMRC’s plan …

Eight lessons from Aspire

1. Your IT may not be transformed by outsourcing.  That may be the intention at the outset. But it didn’t happen when Somerset County Council outsourced IT to IBM in 2007 and it hasn’t happened in the 12 years of the Aspire contract.

 “The Aspire contract has provided stable but expensive IT systems. The contract has contributed to HMRC’s technology becoming out of date,” said the National Audit Office in its June 2016 memorandum.

Mark DearnleyAnd Mark Dearnley, HMRC’s Chief Digital Information Officer and main board member, told the Public Accounts Committee last week,

“Some of the technology we use is definitely past its best-before date.”

2. You won’t realise how little you understand your outsourced IT until you look at ending a long-term deal.

Confidently and openly answering a series of trenchant questions from MP Richard Bacon at last week’s Public Accounts Committee hearing, Dearnley said,

“It’s inevitable in any large black box outsourcing deal that there are details when you get right into it that you don’t know what’s going on. So yes, that’s what we’re learning.”

3. Suppliers may seem almost philanthropic in the run-up to a large outsourcing deal because they accept losses in the early part of a contract and make up for them in later years.

Dearnley said,

“What we are finding is that it [the break-up of Aspire] is forcing us to have much cleaner commercial conversations, not getting into some of the traditional arrangements.

” If I go away from Aspire and talk about the typical outsourcing industry of the last ten years most contracts lost money in their first few years for the supplier, and the supplier relied on making money in the later years of the contract.

“What that tended to mean was that as time moved on and you wanted to change the contract the supplier was not particularly incented to want to change it because they wanted to make their money at the end.

“What we’re focusing on is making sure the deals are clean, simple, really easy to understand, and don’t mortgage the future and that we can change as the environment evolves and the world changes.”

4. If you want deeper-than-expected costs in the later years of the contract, expect suppliers to make up the money in contract extensions.

Aspire was due originally to end in 2004. Then it went to 2017 after suppliers negotiated a three-year extension in 2007. Now completion of the exit is not planned until 2020, though some services have already been insourced and more will be over the next four years.

The National Audit Office’s June 2016 memorandum reveals how the contract extension from 2017 to 2020 came about.

HMRC had a non-binding agreement with Capgemini to exit from all Aspire services by June 2017. But HMRC had little choice but to soften this approach when Capgemini’s negotiating position was unexpectedly strengthened by IT deals being struck by other departments, particularly the Department for Work and Pensions.

Cabinet Office “red lines” said that government would not extend existing contracts without a compelling case. But the DWP found that instead of being able to exit a large hosting contract with HP in February 2015 it would have to consider a variation to the contract to enable a controlled disaggregation of services from February 2015 to February 2018.

When the DWP announced it was planning to extend its IT contract with its prime supplier HP Enterprise, HMRC was already in the process of agreeing with Capgemini the contract changes necessary to formalise their agreement to exit the Aspire deal in 2017.

“Capgemini considered that this extension, combined with other public bodies planning to extend their IT contracts, meant that the government had changed its position on extensions…

“Capgemini therefore pushed for contract extensions for some Aspire services as a condition of agreeing to other services being transferred to HMRC before the end of the Aspire contract,” said the NAO’s June 2016 memo.

5. It’s naïve to expect a large IT contract to transfer risks to the supplier (s).

At last week’s Public Accounts Committee hearing, Richard Bacon wanted to know if HMRC was taking on more risk by replacing the Aspire contract with a mixture of insourced IT and smaller commoditised contracts of no more than three years. Asked by Bacon whether HMRC is taking on more risk Dearnley replied,

“Yes and no – the risk was always ours. We had some of it backed of it backed off in contract. You can debate just how valuable contract backing off is relative to £500bn (the annual amount of tax collected).  We will never back all of that off. We are much closer and much more on top of the service, the delivery, the projects and the ownership (in the gradual replacement of Aspire).”

6. Few organisations seeking to end monolithic outsourcing deals will have the transition overseen by someone as clear-sighted as Mark Dearnley.

His plain speaking appeared to impress even the chairman of the Public Accounts Committee Meg Hillier who asked him at the end of last week’s hearing,

Meg Hillier

Meg Hillier

“And what are your plans? One of the problems we often see in this Committee is people in very senior positions such as yours moving on very quickly. You have had a stellar career in the private sector…

“We hope that those negotiations move apace, because I suspect – and it is perhaps unfair to ask Mr Dearnley to comment – that to lose someone senior at this point would not be good news, given the challenges outlined in the [NAO] Report,” asked Hillier.

Dearnley then gave a slightly embarrassed look to Jon Thomson, HMRC’s chief executive and first permanent secretary. Dearnley replied,

“Jon and I are looking at each other because you are right. Technically my contract finishes at the end of September because I was here for three years. As Jon has just arrived, it is a conversation we have just begun.”

Hiller said,

“I would hope that you are going to have that conversation.”

Richard Bacon added,

“Get your skates on, Mr Thompson; we want to keep him.”

Thompson said,

“We all share the same aspiration. We are in negotiations.”

7. Be prepared to set aside millions of pounds – in addition to the normal costs of the outsourcing – on exiting.

HMRC is setting aside a gigantic sum – £700m. Around a quarter of this, said the National Audit Office, is accounted for by optimism bias. The estimates also include costs that HMRC will only incur if certain risks materialise.

In particular, HMRC has allowed around £100m for the costs of transferring data from servers currently managed by Aspire suppliers to providers that will make use of cloud computing technology. This cost will only be incurred if a second HMRC programme – which focuses on how HMRC exploits cloud technology – is unsuccessful.

Other costs of the so-called Columbus programme to replace Aspire include the cost of buying back assets, plus staff, consultancy and legal costs.

8. Projected savings from quitting a large contract could dwarf the exit costs.

HMRC has estimated the possible minimum and possible maximum savings from replacing Aspire. Even the minimum estimated savings would more than justify the organisational time involved and the challenge of building up new corporate cultures and skills in-house while keeping new and existing services running smoothly.

By replacing Aspire and improving the way IT services are organised and delivered, HMRC expects to save – each year – about £200m net, after taking into account the possible exit costs of £700m.

The National Audit Office said most of the savings are calculated on the basis of removing supplier profit margins and overheads on services being brought in-house, and reducing margins on other services from contract changes.

Even if the savings don’t materialise as expected and costs equal savings the benefits of exiting are clear. The alternative is allowing costs to continue to soar while you allow the future of your IT to be determined by what your major suppliers can or will do within reasonable cost limits.

Comment

HMRC is leading the way for other government departments, councils, the police and other public bodies.

Dearnley’s approach of breaking IT into smaller manageable chunks that can be managed, controlled, optimised and to some extent commoditised is impressive.  On the cloud alone he is setting up an internal team of 50.

In the past, IT empires were built and retained by senior officials arguing that their systems were unique – too bespoke and complex to be broken up and treated as a commodity to be put into the cloud.

Dearnley’s evidence to the Public Accounts Committee exposes pompous justifications for the status quo as Sir Humphrey-speak.

Both Richard Feynman and Einstein said something to the effect that the more you understand a subject, the simpler you can explain it.

What Dearnley doesn’t yet understand about the HMRC systems that are still run by Capgemini he will doubtless find out about – provided his contract is renewed before September this year.

No doubt HMRC will continue to have its Parliamentary and other critics who will say that the risks of breaking up HMRC’s proven IT systems are a step too far. But the risks to the public purse of keeping the IT largely as it is are, arguably, much greater.

The Department for Work and Pensions has proved that it’s possible to innovate with the so-called digital solution for Universal Credit, without risking payments to vulnerable people.

If the agile approach to Universal Credit fails, existing benefit systems will continue, or a much more expensive waterfall development by the DWP’s major suppliers will probably be used instead.

It is possible to innovate cheaply without endangering existing tax collection and benefit systems.

Imagine the billions that could be saved if every central government department had a Dearnley on the board. HMRC has had decades of largely negative National Audit Office reports on its IT.  Is that about to change?

Update:

This morning (22 June 2016) on LinkedIn, management troubleshooter and board adviser Colin Beveridge wrote,

“Good analysis of Aspire and outsourcing challenges. I have seen too many business cases in my career, be they a case for outsourcing, provider transition or insourcing.

“The common factor in all the proposals has been the absence of strategy end of life costs. In other words, the eventual transition costs that will be incurred when the sourcing strategy itself goes end of life. Such costs are never reflected in the original business case, even though their inevitability will have an important impact on the overall integrity of the sourcing strategy business case.

“My rule of thumb is to look for the end of strategy provision in the business case, prior to transition approval. If there is no provision for the eventual sourcing strategy change, then expect to pay dearly in the end.”

June 2016 memorandum on Aspire – National Audit Office

Dearney’s evidence to the Public Accounts Committee

1 Comment

Posted in Accenture, BT, Campaign4Change, Capgemini, change management, Cloud Computing, cost avoidance, DWP, efficiency savings, Freedom of Information, G-Cloud, Government IT, HMRC, HP, Institute for Government, IT successes, Legacy ICT, managing change, managing outsourced services, National Audit Office, project management, supplier relationships, Universal Credit

Tagged , , , , ,

Avon and Somerset Police to end outsourcing deal after years of proclaiming its success

Posted on 20/06/2016 | 4 comments

avon and somerset police logoBy Tony Collins

Avon and Somerset Police has been consistent in its good news statements on the force’s “innovative” outsourcing deal with IBM-owned Southwest One.

These announcements and similar FOI responses have a clear message: that savings from the deal are more than expected.

But the statements have differed in tone and substance from those of Somerset County Council which ended up in a legal action with Southwest One.

Somerset’s losses on its Southwest One deal could leave the casual observer wondering why and how Avon and Somerset Police had made a success of its deal with Southwest One, whereas the county council has had a disastrous experience.

Now the BBC reports that Avon and Somerset will not be renewing its contract with Southwest One when the deal expires in 2018.

Southwest One is 75% owned by IBM and carries out administrative, IT and human resources tasks for the force.

Avon and Somerset Police’s “new” chief constable Andy Marsh – who took up the post in February 2016 – confirmed he has “given notice” that the Southwest On contract will not be renewed.

Andy Marsh, chief constable, Avon and Somerset.

Andy Marsh, chief constable, Avon and Somerset.

Instead he said he wants to work with neighbouring police and fire services. Marsh said,

“We will be finding a new way of providing those services. It is my intention to collaborate with other forces. I do believe I can save some money and I want to protect frontline numbers.”

Marsh came to Avon and Somerset with a reputation for making value for money a priority.

These are some of the statements made by Avon and Somerset Police on the progress of the Southwest One contract before Marsh joined the force:

  • “I am delighted with the level of procurement savings Southwest One is delivering for us, particularly as it is our local communities who will benefit most as front-line services are protected. “
  • “Using Southwest One’s innovative approach, we have been able to exceed our expected savings level.”
  • “I am looking forward to building on our close working relationship with Southwest One to deliver even greater savings in the future.”

FOI campaigner David Orr says of the police’s decision not to renew its contract with Southwest One,

“This controversial contract with IBM for Southwest One was signed in 2007 with the County Council, the Police and Taunton Deane Borough Council.

“We were promised £180m of cash savings, an iconic building in Taunton at Firepool, as well as new jobs and a boost to the economy. None of that ever materialised. “

Comment

If Avon and Somerset Police is happy with its outsourcing deal with Southwest One, why is it not renewing or extending the contract?

It’s clear the “new” chief constable Andy Marsh believes he can save money by finding a new way of delivering services, including IT. This sounds sensible given that the client organisation will at some point have to contribute to the supplier’s profits, usually in the later years of the contract.

Savings by ending outsourcing

Public authorities, particularly councils, when they announce the end of an outsourcing contract, will often say they plan to make substantial savings by doing something different in future – Somerset County Council and Liverpool Council among them.

Liverpool Council announced it would save £30m over three years  by ending its outsourcing deal.

Dexter Whitfield of the European Services Strategy Unit which monitors the success or otherwise of major outsourcing deals, is quoted in a House of Commons briefing paper last month entitled “Local government – alternative models of service delivery” as saying,

“Councils have spent £14.2bn on 65 strategic public-private partnership contracts, but there is scant evidence of full costs and savings”.

According to Whitfield, this is due to “the lack of transparent financial audits of contracts, secretive joint council-contractor governance arrangements, poor monitoring, undisclosed procurement costs, a lack of rigorous scrutiny and political fear of admitting failure”.

If it’s so obvious that outsourcing suppliers will eventually try to make up later for any losses in the early stages of a contract – suppliers are not registered charities – why are such deals signed in the first place?

Do officials and councillors not realise that  their successors will probably seek to save money by jettisoning the same outsourcing deal?

The problem, perhaps, is that those who preside over the early years of an outsourcing contract are unlikely to be around in the later years. For them, there is no effective accountability.

Hence the enthusiastic public announcements of savings and new investments in IT and other facilities in the early stages of an outsourcing  contract.

It’s likely things will go quiet in the later years of the contract when the supplier may be trying to recoup losses incurred in the early years.

Then, suddenly, the public authority will announce it is ending its outsourcing deal. Outsiders are left wondering why.

Good news?

Given Avon and Somerset’s determination to end its relationship with Southwest One, can we trust all the good news statements by the force’s officials in past years?

With facts in any outsourcing deal so hard to come by, even for FOI campaigners, selective statements by public servants or ruling councillors about how successful their deal is, and how many tens of millions of pounds they are saving, are best taken with a pinch of salt.

Especially if the announcements were at an early stage of the contract and things have now gone quiet.

Thank you to David Orr for alerting me to the BBC story and providing links to much of the material that went into this post.

From hubris to the High Court (almost) – the story of Southwest One.

Too easy for councils to make up savings figures for outsourcing deals?

4 Comments

Posted in Campaign4Change, culture, excessive secrecy, Freedom of Information, IT-related failures, legal disputes, local democracy, local government, NHS, outsourcing, public services, public-private partnerships, supplier relationships

Another NPfIT IT scandal in the making?

Posted on 09/02/2016 | 8 comments

By Tony Collins

Jeremy Hunt may have forgotten what he told the FT 2013, as reported in the paper on 2 June 2o13.

Referring to the failed National Programme for IT [NPfIT] in the NHS he said at that time,

“It was a huge disaster . . . It was a project that was so huge in its conception but it got more and more specified and over-specified and in the end became impossible to deliver, but we musn’t let that blind us to the opportunities of technology and I think one of my jobs as health secretary is to say, look, we must learn from that and move on but we must not be scared of technology as a result.”

He added, “I’m not signing any big contracts from behind [my] desk; I am encouraging hospitals and clinical commissioning groups and GP practices to make their own investments in technology at the grassroots level.”

Now the Department of Health (and perhaps some large IT suppliers) have encouraged Hunt to find £4bn for spending on technology that is (again) of questionable immediate need.

Says Computing, “A significant part of the paperless NHS plans will involve enabling patients to book services and order prescriptions online, as well as giving them the choice of speaking to their doctor online or via a video link.”

The £4bn, if that’s what it will cost, is much less than the cost of the NPfIT. But are millions to be wasted again?

[NPfIT was originally due to cost £2.3bn over three years from 2003 but is expected to cost £9.8bn over 21 years, to 2024.]

Yesterday (8 February 2016) the Department of Health announced a “review of information technology in the NHS”. Announcing it Hunt said.

“Improving the standard of care patients receive even further means embracing technology and moving towards a fully digital and paperless NHS.

NHS staff do incredible work every day and we must give them and patients the most up-to-date technology – this review will tell us where we need to go further.”

The NPfIT was supposed to give the NHS up-to-date technology – but is that what’s needed?

A more immediate need is for any new millions of central funding (for the cost would be in the tens of millions, not billions) to be spent on the seemingly mundane objective of getting existing systems to talk to each other, so that patients can be treated in different parts of the NHS and have their electronic records go with them.

This doesn’t need a new national programme for IT. Some technologists working in the NHS say it would cost no more than £150m, a small sum by NHS IT standards, to allow patient data to reside where it is but be accessed by secure links anywhere, much as secure links work on the web.

But the review’s terms of reference make only a passing reference to the need for interoperability.

Instead the review will have terms of reference that are arguably vague – just as the objectives for the NPfIT were.

The Department of Health has asked the review board, when making recommendations, to consider the following points:

  • The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;
  • The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.
  • The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;
  • The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

The head of the review board Professor Wachter will report his recommendations to the secretary of state for health and the National Information Board in June 2016.

Members of the National Advisory Group on health IT in England (the review board) are:

  • Robert Wachter, MD, (Chair) Professor and Interim Chairman, Department of Medicine,University of California, San Francisco
  • Julia Adler-Milstein, PhD, Associate Professor, Schools of Information and of Public Health, University of Michigan
  • David Brailer, MD, PhD, CEO, Health Evolution Partners (current); First U.S. National Coordinator for Health IT (2004-6)
  • Sir David Dalton, CEO, Salford Royal NHS Foundation Trust, UK
  • Dave deBronkart, Patient Advocate, known as “e-Patient Dave”
  • Mary Dixon-Woods, MSc, DPhil, Professor of Medical Sociology, University of Leicester, UK
  • Rollin (Terry) Fairbanks, MD, MS, Director, National Center for Human Factors in Healthcare; Emergency Physician, MedStar Health (U.S.)
  • John Halamka, MD, MS, Chief Information Officer, Beth Israel Deaconess Medical Center; Professor, Harvard Medical School
  • Crispin Hebron, Learning Disability Consultant Nurse, NHS Gloucestershire
  • Tim Kelsey, Advisor to UK Government on Health IT
  • Richard Lilford, PhD, MB, Director, Centre for Applied Health Research and Delivery, University of Warwick, UK
  • Christian Nohr, MSc, PhD, Professor, Aalborg University (Denmark)
  • Aziz Sheikh, MD, MSc, Professor of Primary Care Research and Development, University of Edinburgh
  • Christine Sinsky, MD, Vice-President of Professional Satisfaction, AMA; Primary care internist, Dubuque, Iowa
  • Ann Slee, MSc, MRPharmS, ePrescribing Lead for Integrated Digital Care Record and Digital Medicines Strategy, NHS England
  • Lynda Thomas, CEO, MacMillan Cancer Support, UK
  • Wai Keong Wong, MD, PhD, Consultant Haematologist, University College London Hospitals; Inaugural chair, CCIO Leaders Network Advisory Panel
  • Harpreet Sood, MBBS, MPH, Senior Fellow to the Chair and CEO, NHS England and GP Trainee

Comment

Perhaps egged on by one or two major suppliers in behind-the-scenes lobbying, Hunt has apparently found billions to spend on improving NHS IT.

Nobody doubts that NHS IT needs improving.  But nearly all GPs have impressive systems, as do many hospitals.  But the systems don’t talk to each other.

The missing word  from the review board’s terms of reference is interoperability. True, it’s difficult to achieve. And it’s not politically aggrandizing to find money for making existing systems interoperable.

But at present you can have a blood test at the GP, then a separate blood test at the local hospital and the full results won’t go on your electronic record because the GP and hospital are on different systems with no interoperability between them.

If you’re treated at a specialist hospital for one ailment, and at a different hospital 10 to 20 (or say 100) miles away for something else, it may take weeks for your electronic record to reflect your latest treatment.

Separate NHS sites don’t always know what each other is doing to a patient, unless information is faxed or posted between them.

The fax is still one of the NHS’s main modes of cross-county communication. The DoH wants to be rid of the fax machine but it’s indispensable to the smooth running of the NHS, largely because new and existing systems don’t talk to each other.

The trouble with interoperability – apart from the ugliness of the word – is that it is an unattractive concept to some of the major suppliers, and to DoH executives, because it’s cheap, not leading edge and may involve agreements on data sharing.

Getting agreements on anything is not the DoH’s forte. [Unless it’s an agreement to spend more money on new technology, for the sake of having up-to-date technology.]

Last year I broke my ankle in Sussex and went to stay in the West Midlands at a house with a large ground floor and no need to use stairs. There was no communication between my local GP and the NHS in the West Midlands other than  by phone, post or fax, and even then only a summary of healthcare information went on my electronic record.

I had to carry my x-rays on a CD. Then doctors at my local orthopaedic department in Sussex found it difficult to see the PACS images because the hospital’s PCs didn’t have CD players.

A government employee told me this week of a hospital that gave medication to a patient in the hope she would not have an adverse reaction. The hospital did not have access to the patient’s GP records, and the patient was unsure of the name of the medication she’d previously had an allergic reaction to.

Much of the feedback I have had from those who have enjoyed NHS services is that their care and treatment has been impeded by their electronic records not moving with them across different NHS sites.

Mark Leaning, visiting professor, at University College, London, in a paper for health software supplier EMIS, says the NHS is “not doing very well when it comes to delivering a truly connected health system in 2016. That’s bad for patient outcomes.”

That GPs and their local hospital often cannot communicate electronically  is a disgrace given the billions various governments have spent on NHS IT.  It is on interoperability that any new DoH IT money needs to be spent.

Instead,  it seems huge sums will be wasted on the pie-in-the-sky objective of a paperless NHS by 2020. The review board document released today refers to the “ambition of a paper- free health and care system by 2020”.

What’s the point of a paperless NHS if a kaleidoscope of new or existing systems don’t properly communicate?

Congratulations, incidentally, to GP software suppliers TPP and EMIS. They last year announced direct interoperability between their core clinical systems.

Their SystmOne and EMIS Web systems hold the primary care medical records for most of the UK population.

And this month EMIS announced that it has become the first UK clinical systems provider to implement new open standards for interoperability in the NHS.

It says this will enable clinicians using its systems to securely share data with any third party supplier whose systems comply with a published set of open application programme interfaces.

The Department of Health and ministers need to stop announcing things that will never happen such as a paperless NHS and instead focus their attention – and any new IT money – on initiatives that are not subconsciously aimed at either political or commercial gain.

It would be ideal if they, before announcing any new IT initiative, weighed up diligently whether it is any more important, and any more of a priority, than getting existing systems to talk to each other.

Review of information technology in the NHS

EMIS implements open standards

 

8 Comments

Posted in Campaign4Change, change management, consultants, culture, Department of Health, Government IT, health, health records, HSCIC, IT-related failures, NHS, npfit, PACS, supplier relationships

Tagged , ,

Are councillors in Somerset ignoring the wisdom of their auditors?

Posted on 14/07/2015 | 2 comments

By Tony Collins

It’s good to see auditors in local government doing their job well  – not accepting verbal assurances and seeking proof that all is well with an outsourced system .

But what if councillors apply a lower standard – and accept verbal assurances without checking them?

A  strong report by the South West Audit Partnership [SWAP] went to councillors at Somerset County Council’s Audit Committee on 2 July 2015. The report was about problems with an outsourced system, the Adults Integrated Solution [AIS].

Although not the original supplier, IBM has provided AIS to Somerset County Council under a 10-year outsourcing contract/joint venture – Southwest One –  that was signed in 2007.

The SWAP report said limited progress has been made in implementing the AIS-related recommendations from its 2012-2013 audit report. It added that:

– AIS performance and response times could be “less than adequate for users’ needs”.

– Southwest One was unwilling to develop a service level agreement specifically for the AIS application.

– “Poor response time has led to the disabling of enhanced audit trails/logs that would make it possible to trace and attribute user activity in the system.” SWAP added that this was “worrying” given that the data involved was “sensitive and personal”.

– SWAP had been refused access to the contract between IBM and Northgate, the original supplier of AIS.

Are verbal assurances worth anything?

Having studied AIS from time to time over 2 years, and spoken to its users, SWAP’s auditors have been reluctant, on some of their concerns, to accept verbal assurances that all is well.

When they have sought documentary evidence to support assurances it hasn’t always been forthcoming.

SWAP said in its latest report:

“Verbal assurances were provided that the ToR for AIS Programme Board had been reviewed and that roles and responsibilities in relation to system ownership had been clarified. However, no evidence was provided to support these assurances.”

Now Somerset’s audit committee has done what its auditors wouldn’t do and has accepted verbal assurances that all is well with AIS.

SWAP’s auditors had expressed a multitude of concerns about AIS. But Somerset’s officers verbally assured audit committee councillors that a single upgrade had solved all the problems.

One officer, in a statement, told Dave Orr, a Somerset resident who campaigns for openness over IBM’s relationship with the council:

“I can confirm that all of the fundamental issues raised through the [SWAP] Audit Report [on AIS] have now been addressed…

“The AIS application is one of the top systems used by local authorities for social care services in the UK. The performance issues referred to in the Audit Report were resolved by a system upgrade.”

Comment:

It’s difficult if not impossible to see how a single upgrade could address all the points SWAP made – such as the lack of a service level agreement to cover AIS or the refusal by IBM to supply a copy of its contract with Northgate.

Whenever auditors produce a hard-hitting report there will be 2 opposing sides: defenders of what’s being criticised and the auditors.

It is up to the auditors to cut through any dissimulation, obfuscation and prevarication to identify what’s going well, what isn’t, and what the uncertainties and risks are.

Auditors would not be doing their job if they always accepted verbal assurances at face value.

But what if auditors are undermined by councillors who readily accept verbal assurances from their officers who wish to defend the suppliers?

A supplier that doesn’t have to provide documentary evidence can say anything in defence of its systems and the quality of service.

Somerset’s councillors are lucky to have auditors as independently-minded as SWAP.

It’s unlikely that SWAP would accept at face value the Somerset officer’s suggestion that because AIS is widely used it’s unlikely to be a poor system.

This would be like Ford saying a particular Mondeo is unlikely to be at fault because thousands of people happily own one.

Every IT installation is different, even if the main software package is widely used. The hardware, network configuration, load on the network, facilities and interfaces installed will render every IT installation unique.

It’s conceivable that every council client of AIS could have a trouble-free service except Somerset.

Are the council’s audit committee councillors gullible to accept verbal assurances about the problems with AIS being solved without requiring proof?

Where does this leave the 775 users of Somerset’s AIS, many of whom may be having to do difficult work in managing vulnerable adults while trying to cope with what may be one of the UK’s worst outsourced systems?

Thank you to Dave Orr for providing information that made this post possible.

Pity the 775 users who use this outsourced council system?

SWAP report on AIS for Somerset County Council’s Audit Committee 2 July 2015

SWAP 2012-2013 audit report on AIS

 

 

2 Comments

Posted in Campaign4Change, data protection, excessive secrecy, IBM, IT-related failures, local democracy, local government, operational issues, outsourcing, public-private partnerships, supplier relationships

Tagged ,

Pity the 775 users who use this outsourced council system?

Posted on 02/07/2015 | 2 comments

By Tony Collins

Adult care systems are a cinderella IT service for councils.

It’s rare for journalists to write about them, for good or ill, perhaps because they help council staff deal with vulnerable adults. Such systems help with payments to care home and hospice providers. They help staff organise facilities for adults with learning disabilities or dementia, and respite care for adults at risk of abuse.

One such system has 775 users in Somerset. It’s a “critical” application according to the county council there.  The Adults Integrated Solution was originally supplied by Northgate. The system became IBM’s responsibility under a 10-year outsourcing and joint venture, Southwest One.

The latest in a series of excellent reports on the system’s enduring problems by auditors the South West Audit Partnership goes to Somerset County Council’s Audit Committee today (2 July 2015).

How bad is bad?

The report says the system’s response times have been so poor  that audit trails and logs have been disabled. So how can IBM and the council trace and attribute user activity in the system – particularly one handling sensitive and personal data?

The report says this disabling of the audit trial and logs is “worrying”.

Auditors reported on the system’s weaknesses in their 2012/2013 audit report.  Since then there has been only “limited progress” in implementing recommendations, says today’s report.

On some of their priority recommendations, auditors say they have been unable to obtain documentary evidence to support implementation. They have received verbal assurances – but they remain concerned.

The report says that AIS performance and response times “can still be less than adequate for users’ needs” and IBM is unwilling to develop a service level agreement specifically for the AIS application.

Indeed IBM has refused to give the county council a copy of the AIS contract with Northgate and it was not made available to the South West Audit Partnership for its audit of the system.

This may prompt councillors to ask how the council can properly manage a critical application if it has no control over the system or the outsourcer.

Repeated audit reports on the problems appear to have left matters unresolved.

Below are some of the concerns of the South West Audit Partnership as mentioned in its 2012/2013 audit report. It reports today that it has received only “partial” assurances that these problems have been solved.

Applications could be unavailable a month or more

Said the South West Audit Partnership: “We have identified in previous audit reports that there is no tested IT disaster recovery strategy. This is a strategy that would be put into effect in the event the Somerset County Council data centre was unavailable for any reason. Although a contract has been signed with Adam Continuity, applications could still be unavailable for a month or even more.”

No formally-named business system owner

“As of November 2014, Helen Wakeling (AIS System Owner) has left Somerset County Council. The responsibility of AIS system ownership needs to be reassigned and formalised.”

Payments to care providers not properly checked?

“… there does not appear to be a process to ensure payments are authorised, appropriate, complete and accurate…

 

IBM has no contractual duty to provide a good system

“There is no contractual requirement or service level for Southwest One [IBM] to provide a platform that delivers performance and response time that is acceptable to ASC [Adult Social Care] Operations.”

Data validation?

“Data quality in AIS data is undermined by the lack of robust input validation within the AIS application.

“Client records can be created with a minimum of information. Key personal identifiers such as data of birth, NI number and NHS number do not need to be entered and this both increases the risk of duplicate records and provides less data with which to identify those that have been created…”

Is IBM hiding AIS contract from the council?

“Southwest One currently owns the contract with Northgate and would not provide SWAP with a copy. As a result SWAP [South West Audit Partnership] was not able to evaluate Northgate’s compliance with the terms of the contract including licensing requirements…”

Personal data at risk?

“It was noted that developers have access to the production environment, unmasked live production data is used by developers and vendors for testing purposes and desktops are not locked down.”

Potential for fraud?

“In addition the authorise function, a security feature available in AIS has not been implemented resulting in all authorisations occurring outside of AIS. As a result data loss, potential corruption of data, incorrect and potentially fraudulent use of the application, missed, inappropriate or additional payments, will not be identified and acted upon.”

Corrupt data?

“In spite of a recent security incident that appeared to result in some data corruption, there is no reporting in place or review of user, super user or generic user access for appropriateness.”

Can former staff still log on?

“Terminated users were identified with valid AIS access credentials. Just less than 10% of managers with access were found to be no longer employed. In addition user ids are not disabled after not being used for a period of time.”

Unattended screens?

“The time-out for the application is 1 hour. Although users typically leave the application on and lock the screen when they go out to lunch, this process is inefficient, leaving sessions unavailable for others and insecure, since the user could forget to lock their screen and allow bypass of all security.”

System security?

“We also identified in our capacity management audit that desktop lock-down is not in effect and as a result AIS data can be downloaded and copied to USB flash storage. SWAP recommended data security policies be developed and implemented …”

**

Dave Orr who has followed events at Somerset closely since the county council signed the Southwest One contract in 2007 has written to audit committee councillors about the AIS system.

One of his questions is how the council could have transferred a critical application to IBM without its being protected by any specific service level agreement.

Orr says: “I do not believe that an in-house IT service, with a head of IT in the direct employ of this council, would be allowed to leave these serious shortcomings in performance, audit logging and disaster recovery unaddressed.”

Comment

So much for the claims back in 2007, when the council and IBM formed Southwest One, that the services would be “beyond excellence”.

If this is the worst outsourced system in the UK where does that leave the 775 council users who no doubt are trying to do their best for the vulnerable adults in their community?

Thank you to Dave Orr for providing the information on which this article is based.

2 Comments

Posted in Campaign4Change, excessive secrecy, IBM, local government, outsourcing, public-private partnerships, supplier relationships

Tagged