Tag Archives: Cabinet Office

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

MPs suggest Cabinet Office is losing its grip on departments – but does it care?

By Tony Collins

The Register has an excellent piece by Kat Hall on how the Cabinet Office is losing its grip on Government departments.

Citing the annual report of the all-party Public Accounts Committee, Hall says there are issues where “departments repeatedly don’t do what they have been told or asked to do by the centre”.

An analysis by The Register found that

“government departments are winning significantly more exemptions to splash the cash on expensive IT projects since the departure of former Cabinet Office minister Francis “Mad Frankie” Maude last year”.

Chair of the Public Accounts Committee Meg Hillier said: “After my second year as Chair I am increasingly concerned about the long-term accountability of senior civil servants.

“The game of musical chairs starts as one Permanent Secretary moves on and they all change jobs in the system. And few are in post long enough to have a vested interest in the long-term aims of their department or a project.

“And there is the age-old tension between a department and central Whitehall through the Cabinet Office.”

Universal Credit and HMRC’s plans to overhaul its Aspire IT contract – the biggest in Europe – were outlined as being two areas of concern. As was the Home Office’s Emergency Services Network.

“The Home Office seemed to downplay the risks to the contract and its being caught unawares by the contractor does not reassure us that the Department is on top of the contract or this project. This could cost the taxpayer dear,” it said.

Comment:

It’s hard to argue with a comment on Hall’s piece by @JagPatel3 who suggests that some in Whitehall are as preoccupied with spin as with the efficient delivery of public services.

“… Government is preoccupied with presentation, manipulation of words and the dark art of spinning – instead of working on its programme of reform to deliver public services efficiently, to satisfy the wants, needs and expectations of the electorate.

“The political imperative of needing to put a positive slant on everything the Government does or will do, irrespective of whether it is true or not, is the reason why spin has become the centrepiece of this Government’s communications strategy.

“And because Government has got a monopoly on inside information (enabling it to maintain extremely tight control), it uses spin to divert attention away from the key issues that really matter to citizens …

“the eagerness with which senior Civil Servants have complied with their political masters’ desire to see policy announcements framed around presentation and spin, at the expense of substance, would explain why their skills set has been narrowed down to this single, dark art.”

The commentator also says that the “intense focus of attention on presentation alone has resulted in a massive gap opening up between the leadership and lower ranks of the Civil Service, who have to deal with the reality of delivering public services on the ground, on a day-to-day basis, which has in itself, led to alienation and disaffection”.

A good summary. Many ordinary civil servants are doing the hard work of delivering public services while a few of their masters are preoccupied with keeping what they do secret and justifying or defending all else that is published in National Audit Office reports, other third-party reports or leaked emails.

It’s hardly surprising the Cabinet Office is losing control of departments. Since Maude’s departure it doesn’t want control. It has become clear that it wants, in a hassle-free way,  to continue with Sir Humphrey’s non-integrated approach to government.

The Cabinet Office is just another Whitehall department. Why would it want to be an “enforcer?”

Some officials “smuggle their often half-baked proposals past ministers” says Cabinet Office adviser who quits

By Tony Collins

Jerry Fishenden has resigned from the Cabinet Office‘s Privacy and Consumer Advisory Group after nearly six years. First he was its chairman and more recently co-chairman.

The Privacy and Consumer Advisory Group comprises privacy and security experts who give the government independent analysis and guidance on personal data and privacy initiatives by departments, agencies and other public sector bodies. This includes GOV.UK Verify.

The group’s advice has had the citizens’ interests in mind. But the group might have been seen by some Whitehall officials as having an open and frank “outsiders” culture.

Francis Maude, then Cabinet Office minister, helped to set up the group but he left in 2015 and none of his replacements has had a comparable willingness to challenge the civil service culture.

Maude welcomed the help of outsiders in trying to change the civil service.  He tried to bring down the costs of Government IT and sought to stop unnecessary or failing projects and programmes. He also wanted to end the “oligopoly” of a handful of large IT suppliers. But Maude’s initiatives have had little continuing support among some Whitehall officials.

Fishenden said in a blog post this week that Maude had wanted the Privacy and Consumer Advisory Group to be a “critical friend” – a canary that could detect and help fix policy and technology issues before they were too far down the policy / Bill process.

“The idea was to try to avoid a repeat of previous fiascos, such as the Identity Card Act, where Whitehall generalists found themselves notably out of their depth on complex technical issues and left Ministers to pick up the pieces.”

He added that “since Francis Maude’s departure, there has been only one meeting” with subsequent Cabinet Office ministers.

“Without such backing, those officials who find the group’s expert reviews and analyses “challenging” have found it easier to ignore, attempting instead to smuggle their often half-baked proposals past Ministers without the benefit of the group’s independent assistance…

“Let’s just hope that after the election the value of the group will be rediscovered and government will breathe life back into the canary. Doing so would help realise Francis Maude’s original purpose – and bring significant benefits to us all, whether inside or outside of government.”

Comment

One of the Privacy and Consumer Group’s strengths has been its independent view of Government IT-related initiatives  – which is probably the main reason it has been marginalised.

Fishenden’s departure is further confirmation that since Maude’s departure, the Cabinet Office – apart from the Government Digital Service – has settled back into the decades-old Whitehall culture of tinkering with the system while opposing radical change.

While Whitehall’s culture remains unreformable, central government will continue to lose the best IT people from the private sector. Some of these include the former Government Digital Service executive director Mike Bracken, Stephen Foreshew-Cain, who took over from Bracken, Janet Hughes, programme director of Verify,  Andy Beale, GDS’s chief technology officer, Paul Maltby, GDS’s director of data and former Whitehall chief information officers Joe Harley, Steve Lamey, Andy Nelson and Mark Dearnley.

The unfortunate thing is that a few powerful career civil servants, including some permanent secretaries, will be delighted to lose such outsiders.

Jerry Fishenden is simply the latest casualty of a civil service tradition that puts the needs of the department before those of the citizen.

It’s a culture that hasn’t changed for decades.

The canary that ceased to be – Jerry Fishenden’s blog on his departure

Privacy and Consumer Advisory Group

Whitehall to auto-extend outsourcing deals using Brexit as excuse?

By Tony Collins

Type of government procurement spend 2014-2015. ICT is the top item.
Source: National Audit Office

Under a headline “UK outsourcing deals extended because of Brexit workload”, the Financial Times has reported that “hundreds of government contracts with the private sector that were due to expire are to be automatically extended because civil servants are too busy with Brexit to focus on new and better-value tenders”.

The FT says the decision to roll over the contracts could prove expensive for taxpayers because it limits competition and undermines government efforts to improve procurement.

A “procurement adviser to the government” whom the FT doesn’t name, said more than 250 contracts were either close to expiring or had already expired in 2016-17. The adviser told the FT,

“Brexit has pushed them down the list of priorities so there are lots of extensions and re-extensions of existing deals.”

The adviser added that this was the only way civil servants could prioritise the huge increase in Brexit-related work since the referendum.

Extensions

The FT provides no evidence of automatic contract extensions or the claim that deals will be extended because of the civil service’s Brexit workload.

There is evidence, however, that Whitehall officials tend to extend contracts beyond their original expiry date.

In a report published this year on the Cabinet Office’s Crown Commercial Service, the National Audit Office identified 22 framework contracts that were due to expire in 2016-17. Half of them (eleven) were extended beyond their original expiry date.

[The Crown Commercial Service was set up in 2014 to improve state procurement.]

The NAO also found that Whitehall departments – and the Crown Commercial Service – have been awarding contracts using expired framework deals, even though this contravenes public contracting regulations.

In 2015-16, 21 of the 39 frameworks that were due to expire were extended without competition or market testing, according to the NAO.

One example of an extended contract is a deal between Capita and the Department for Work and Pensions which started in 2010. Capita provides eligibility assessments for the personal independent payment allowance, which supports for people with long-term ill health or disability.

The five-year deal was extended by two years until July 2019.

Capita has also won a three-year extension to a contract with the Pensions Regulator and the BBC has extended a deal with Capita that was signed originally in 2002 to June 2022 – a total of at least 20 years.

Open competition?

The NAO has found that extending ICT contracts may not always be good for taxpayers. In the later years of their government contracts, suppliers tend to make higher margins (though not always).

There are also suggestions that civil servants will sometimes sign contract extensions when the performance of the supplier does not meet expected standards.

On ICT, the Cabinet Office asks central departments to complete a return every six months for each business process outsourcing and facilities management contract above £20m with strategic suppliers.

The survey asks whether the contract is being delivered on time, to scope, to budget, to the appropriate standards, and whether there have been any disputes.

In one study of government contracts with ICT suppliers, the NAO found that, of 259 returns from departments, 42 highlighted problems that included,

  • failure to achieve milestones
  • dissatisfaction with quality of outputs
  • errors and other issues with delivery
  • poor customer engagement and end user dissatisfaction and
  • failure to meet key performance indicators.

Comment

For taxpayers there is some good news.

A break-up of “Aspire”, the biggest IT outsourcing long-term deal of all, between HMRC and Capgemini (and to a lesser extent Fujitsu) – worth about £9bn – is going ahead this June. An HMRC spokesman says,

“HMRC is on track to complete the phased exit from Aspire, as planned, by June 2017.”

And according to Government Computing, Defra’s IT outsourcing contracts with IBM and Capgemini under a £1.6bn contract called “Unity” are due to expire in 2018 and there are no signs the deals will be extended.

But the Department for Work and Pensions’ huge IT outsourcing contracts with the same major suppliers are renewed routinely and not always with open competition. The DWP says on its website,

“DWP contracts are awarded by competition between potential suppliers, unless there are compelling reasons why competition cannot be used.”

The DWP doesn’t define “compelling”. Nor is it clear whether its auditors look at whether the DWP has put up a compelling case for not putting a large IT contract out to open competition.

In 2014 the Public Accounts Committee, after investigating major suppliers to government, concluded,

“Government is clearly failing to manage performance across the board, and to achieve the best for citizens out of the contracts into which they have entered.

“Government needs a far more professional and skilled approach to managing contracts and contractors, and contractors need to demonstrate the high standards of ethics expected in the conduct of public business, and be more transparent about their performance and costs”.

Breaking up is hard to do

The break up of the huge Aspire IT outsourcing contract at HMRC is an exception, not the rule. The NAO has found that civil servants regard their major incumbent suppliers as safe and less risky than hiring a smaller company (that’s not steeped in Whitehall’s culture).

The NAO has also found that in some cases officials don’t know whether their suppliers are performing well or not. On many ICT contracts there is “open book” accounting, but not all departments have the staff or expertise to check regularly on whether their suppliers’ profits are excessive.

If Whitehall, with exceptions, is continuing to roll over contracts whether it’s legal to do so or not, what incentive exists to stick to the rules?

Brexit?

The FT story suggests Brexit is the reason hundreds of contracts are to be extended automatically. There’s probably truth in the automatic extension of some contracts – but it’s unlikely to be because of Brexit.

It’s unlikely that the civil servants involved in Brexit will be the same ones who are handling ICT contract extensions. That said, Brexit will inevitably put a higher workload on lawyers working for government.

If contracts are being extended automatically, it’s probably because that’s the way it has always been, at least within living memory.

While Sir Humphrey and his senior officials remain only nominally accountable to Parliament for how they spend taxpayers’ money, the easiest option of renewing or extending existing contracts will usually be seen as the best option.

It can be justified with “compelling” arguments such as a need to make an urgent decision in difficult circumstances, or the absence of alternative suppliers who have the necessary skills or the financial strength to accept the risks of failure.

Will anything change?

Until departments have to publish contemporaneously their intentions to award contracts without open competition or there is effective accountability within the civil service for major decisions, little is likely to change.

It hasn’t happened yet and there’s no reason to believe it will.  Many politicians including prime ministers have tried to reform the civil service and they haven’t ruffled a single carpet in the corridors of Whitehall.

As Antony Jay, co-writer of Yes Minister,  said in January 2013,

“The central anomaly is that civil servants have years of experience, jobs for life, and a budget of hundreds of billions of pounds, while ministers have, usually, little or no experience of the job and could be kicked out tomorrow.

” After researching and writing 44 episodes and a play, I find government much easier to understand by looking at ministers as public relations consultants to the real government – which is, of course, the Civil Service.”

In short, Brexit is likely to be officialdom’s up-to-date excuse for carrying on much as before.

Thank you to @TimMorton2 for alerting me to the FT article.

Large suppliers still dominate government IT

By Tony Collins

In 2012, the then Cabinet Office minister Francis Maude, lamented the high costs of government IT and spoke of an “oligopoly” of large suppliers. He suggested things would change.

“… contracts were consistently awarded to a limited number of very large suppliers on long-term exclusive contracts.

“As a result there was inadequate competition and an abdication of control. The concept of having one supplier, aggregated supply, increased project risk and removed competitive tension.

“The Government repeatedly found itself paying large amounts for systems that were delivered late, over budget and which often did not fully meet the original policy requirement.  If indeed, they were delivered at all. There are plenty of well-documented disasters – such as DH’s now terminated National programme for IT.

“Ultimately, the last Government lost control of IT – it outsourced not only delivery, but its entire strategy and ability to shape the future of our public services.

“At the same time smaller, more innovative and efficient suppliers were finding themselves locked out of the supply of services to Government because of what was described by Parliament as a powerful “oligopoly” of large suppliers.

“Procurements took so long only the big companies could absorb the cost – which they naturally passed on to us.

“All in all, we had an approach that was bad for users, bad for the taxpayer and bad for growth.”

Public sector IT spending was up to £20bn a year, he said, adding that “public sector productivity was actually declining”.  He outlined how things were changing.

What has happened since?

A report published today by the National Audit “Digital Transformation in Government” raises a question of how much has changed.

Efforts to boost the SME share of government IT business “have had some impact”, says the National Audit Office, but it adds that “most government procurement with digital and technology suppliers continues to be with large organisations”.

“In 2015-16, 94% of such spending was with large enterprises, a fall of less than one percentage point since 2012-13.”

Today’s NAO report is mainly about the Cabinet Office’s Government Digital Service – GDS. It points out GDS’s strengths and weaknesses but in general does not give any advice on the sensitive point of whether it should have more or less influence on government IT.

On digital transformation, it says that the work of the NAO shows that attempts to transform government have had mixed success.

“Many public services appear increasingly unsustainable. Those responsible for major programmes have continued to exhibit over-optimism and make slow progress towards their objectives.”

It adds,

“Digital transformation has a mixed track record across government. It has not yet provided a level of change that will allow government to further reduce costs while still meeting people’s needs.

“GDS has also struggled to demonstrate the value of its own flagship initiatives such as Verify, or to set out clear priorities between departmental and cross-government objectives.

“GDS’s renewed approach aims to address many of these concerns as it expands and develops into a more established part of government. But there continues to be a risk that GDS is trying to cover too broad a remit with unclear accountabilities.

“To achieve value for money and support transformation across government, GDS needs to be clear about its role and strike a balance between robust assurance and a more consultative approach.”

Comment

The National Audit Office report is strong on facts and quality of research but avoids the big question of how GDS can bring about change when the top brass in departments prefer autonomy to what they see as GDS’s interference.

GDS’s existence goes to the heart of how the civil service runs. It is one part of the civil service trying to bring about change in other parts of the civil service.

And the evidence so far is that the civil service doesn’t like change.

The NAO report disappoints because it doesn’t address how government IT is to change if departments are to continue to run empires unchallenged by GDS or the heads of the civil service. Sir Humphrey is still king.

GDS scrutinises departmental IT spending – spending applications are reviewed by a team of eight people within GDS’s Standards Assurance team – but, much to Sir Humphrey’s delight, GDS’s influence seems to be waning.

When Jack Straw was Justice secretary, he told MPs in 2007 that when he abandoned projects there was a fuss at first and soon nobody noticed the project did not exist.

“There is always the option to abandon things. I did that in the Foreign Office with much complaint that the world might end.

“What happened was that we saved a lot of money and no one ever noticed the fact that that scheme did not exist…it is very frustrating that so many people, including the private sector, are taken in by snake oil salesmen from IT contractor who are not necessarily very competent and make a lot of money out of these things. I am pretty intolerant of this.”

How much has changed? Outsiders including Jack Straw and Francis Maude, together with insiders such as Chris Chant have pointed to the need for major changes in the way departments manage huge IT budgets and there have been some improvements: HMRC’s is breaking up its monolithic “Aspire” contract, citizens may notice that it is possible now to renew passports and driving licences online and GDS has had an impact in making departments think hard about whether they really need to spend the amounts they do on major IT contracts.

But major change in the costs of government IT seems not just a long way off but unattainable while the dominance of Sir Humphrey remains unchallenged.

Digital Transformation in Government – NAO report

Crazy – millions of citizens offered two competing government identity systems

 

From HMRC’s website on Gov.UK … Which should you choose to confirm your identity?
HMRC and other government departments are offering millions of citizens the choice of two “competing” identity systems – the Cabinet Office’s GOV.UK Verify, or HMRC’s Government Gateway.
There’s no guidance offered on which to choose; and no explanation for the absence of joined-up thinking.

By Tony Collins

When Whitehall departments do their own thing, the public rarely notices the duplicated time, effort and cost, at least when it comes to IT.  Now the “silo” approach has spilled out into the public arena.

The Government Digital Service – part of the Cabinet Office – developed GOV.UK Verify to enable people to confirm their identify when they want to use government services online.

At the same time, HMRC continued to work on a separate identity system: Government Gateway.

The cost of the two developments isn’t known.

HMRC prefers its own development work on Government Gateway because it enables companies as well as individuals to identify themselves. Verify is designed for individual use.

But instead of adapting one or the other to serve individuals and companies, or using Government Gateway for companies only, central departments are offering both  – with no guidance on which system citizens should choose; and there’s no explanation for the absence of a joined-up approach to IT.

The BBC’s technology correspondent Rory Cellan-Jones says of the two separate identity systems that GDS and HMRC are engaged in a “bitter turf war”.

Comment

Today I went online to renew a driving licence and was shepherded by DVLA to use the Government Gateway identity system. A few weeks ago I had already successfully registered with GOV.UK Verify.

Government Gateway didn’t work properly, for me at least, although I had all the correct documents.

When I registered to use a different government service a few weeks I had no choice but to use GOV.UK Verify to confirm my identity. Verify was thorough, seamless and worked perfectly. Impressive. It left the impression of a system that had been well thought out, with the citizen in mind.

Putting aside the fact that Government Gateway did not work for me, it seemed dated, much less thorough than Verify, and left an impression of transience – that it was a temporary “make-do” system. For instance, the help screens were not tailored to the particular question being asked. Not impressive.

For me. GOV.UK Verify is the identity system of choice. It could surely be adapted to confirm the identities of companies – unless HMRC would rather continue to do its own thing.

It’s ludicrous that central government is spending billions of IT annually without a joined-up approach. Ministers keep promising it. Officials at conferences keep promising it. Whitehall press releases promise it.

A few weeks ago departments were offering only Government Gateway or GOV.UK Verify. Now many of them are offering both.

That’s progress?

Disturbing

A wider point of Whitehall’s dual IT approach to identity verification is that it’s the tip of the iceberg (apologies for the cliché but it’s apt).

With their ICT budgets, collectively, of billions of pounds a year, central departments are, in the main, doing their own thing.

A politician with the clout of Francis Maude may be needed to bang the heads of permanent secretaries together. But even if Maude’s replacement Ben Gummer had that clout – and he doesn’t – permanent secretaries and departmental boards would complain that the Cabinet Office was interfering.

Complaints along these lines would be made, perhaps, in off-the-record briefings to friendly journalists and to the National Audit Office in departmental responses to NAO surveys of senior officials, with the result that the Cabinet Office would end up backing away from trying to enforce a joined up IT approach.

That a genuine joined-up approach to government IT has been talked about for decades and hasn’t happened is largely because, outside of determining of the size of budgets, it is the permanent secretaries and their senior officials who hold power in Whitehall,  not transient politicians.

And bureaucracies always want to keep their departmental empires as intact as possible.

The current two top Whitehall officials, Cabinet Secretary Sir Jeremy Heywood and John Manzoni, chief executive of the civil service, are consensus-seeking people, not at all confrontational. Probably their lack of a controversial edge is one of the main reasons they were chosen for their jobs.

All of which means there’s no chance of permanent secretary heads being banged together in an effort to cut costs and help bring about joined up government IT .

In 2012, Francis Maude, then Cabinet Office minister,  said, in a speech to the FT Innovate Conference,

“In the last decade our IT costs have gone up – while our services remained patchy. According to some estimates, we spend more on IT per capita than any other government.”

Is government ICT spending much less today? Perhaps HMRC’s Government Gateway officials would let us know.

**

Some Twitter comments





What Google looks for when hiring staff … traits Whitehall’s culture abhors?

By Tony Collins

The contrast between what Google looks for when hiring staff and what Whitehall looks for when making some of its top appointments, could give clues as to why many government IT-based projects and programmes fail.

First, the strengths Google looks for.  These were set out yesterday on BBC R4 by Laszlo Bock,  human resources chief at Google for 10 years.

Google was named “Best Company to Work For” more than 30 times around the world and received over 100 awards as a top employer during Bock’s time.

In 2010, he was named “Human Resources Executive of the Year”. Under him, Google changed its clunky, arduous recruitment processes that relied on gimmicks like maths puzzles to those that helped the company grow to about 60,000 employees in less than two decades.

In 2015 he  published his first book, The New York Times bestseller Work Rules!, a practical guide to help people find meaning in work and improve the way they live and lead. He resigned from Google in 2016.

On the BBC  “Analysis” programme on Monday evening – which looked at intelligence and talent and what they mean, if anything, in job interviews –  Bock said the least important attribute Google screens for is whether someone knows about the job they are taking on. Crunching the data on successful hiring led Google instead to look for these characteristics:

  • Humility
  • Conscientiousness
  • A sense of responsibility not to quit until the job is done well
  • Comfort with ambiguity
  • A sense of fun
  • Courage

Why courage?

Bock said,

“It’s about the importance of people being able to raise their voices in organisations. One of the things that happens is, when organisations get large, people stop raising their voices and really bad things happen as a result. That’s where you get whistleblowing, insider trading, all kinds of things.

“Human beings are evolved, biologically, as social, hierarchy-seeking animals. We tend to conform. So courage is important because the really innovative, creative stuff comes from ‘I got this crazy idea’ and the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.

“Without that you can’t do great things.”

Comment

It’s too easy to generalise about the hiring and appointment of senior civil servants. But it’s possible to understand a little about the hiring culture within Whitehall’s biggest department, the Department for Work and Pensions.

An insight into DWP culture and thinking can be gleaned from the many Lever arch folders of documents filed by the DWP as part of an FOI case in which it spent several years fighting to stop the release of documents about the Universal Credit IT programme.

The documents include DWP witness statements on the “harm” that would be caused if the IT documents in question were published.

The judge in the case, Chris Ryan, challenged most of the DWP’s arguments.

In one of his rulings, Judge Ryan described the DWP’s claims as:

  • alarming and surprising
  • overstated
  • unconvincing
  • close to fanciful

He said that public confidence in the Universal Credit IT programme had been maintained for some time “on a false basis”; and he raised the possibility that an “unhealthily collegiate relationship had developed” between the DWP and private sector IT suppliers. [Campaign4Change will publish a separate blog post on this ruling in the next few days.]

As well as the insight into DWP culture that one can gain from the FOI case, it’s possible to gauge culture and thinking within Whitehall departments from the talented, free-thinking IT individualists who have joined the top layer of the civil service, quit and returned to the private sector.

It would be invidious to pick out some names as there are so many.

What all this suggests is that Whitehall’s culture appreciates conformity and consensus and shuns boat-rocking.

When top IT professionals who joined HMRC and the DWP spoke publicly at conferences about institutional problems that needed to be tackled, mandarins reacted quickly – and such disclosures were never repeated.

And after a leak to the Guardian about the results of a DWP staff survey of morale on the Universal Credit IT programme, the department launched a formal leak inquiry headed by a senior member of the security services.

At the same time, Universal Credit IT programme documents were no longer emailed but transferred around in taxis.

This bout of nervous introspection (the judge described the DWP’s arguments in the FOI case as “defensive”) when taken together with what else we know, indicate that Whitehall’s culture is insular, distrustful and inimical to open challenge and problem-solving (though there are some within the senior Whitehall ranks who successfully defy that culture).

When Bock talks of conformity being a danger within large organisations he would not have had the DWP in mind – but he aptly describes its culture.

When he speaks about the “importance of people being able to raise their voices in organisations” he was probably unaware of the extent to which Whitehall culture abhors raised voices.

As Bock says, when people don’t raise their voices “really bad things happen as a result”. Perhaps the lack of internal challenge was one reason the NHS IT programme – NPfIT – lost billions of pounds, and the DWP’s Universal Credit programme went badly awry for several years.

When Bock says the “really innovative, creative stuff comes from ‘I got this crazy idea’, he could have been describing the culture of the Government Digital Service. But that refreshing GDS culture is being slowly choked by the conservatism of traditional Whitehall departments.

As Bock says, “the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.”  But bad problems are things senior civil servants avoid talking about, even internally. A Disneyland”good news” culture pervades central departments.

A National Audit Office report on the Universal Credit programme referred to a “fortress mentality” within the DWP.

Maybe the consensus-seeking John Manzoni, head of the civil service, and his colleague Sir Jeremy Heywood, Cabinet Secretary, could seek to employ Bock as an adviser on appointments and recruitment.

Bock’s brief? To turn around the senior civil service’s culture of conformity, groupthink, denial, selective use of “good news” facts and a lack of open challenge.

Recognising the destructiveness within a big organisation of having the wrong culture – as Bock does – could be the start of a genuine Whitehall transformation.

BBC R4 “Analysis” on talent, intelligence and recruitment

Laszlo Bock steps down

Central buying of IT and other services is a bit of a shambles – just what Sir Humphrey wants?

By Tony Collins

Cabinet Office entrance

Cabinet Office entrance

Like the Government Digital Service, the Crown Commercial Service was set up as a laudable attempt to cut the huge costs of running central government.

The Cabinet Office under Francis Maude set up the Crown Commercial Service [CCS] in 2014 to cut the costs of buying common products and services for Whitehall and the wider public sector including the NHS and police.

It has a mandate to buy commodity IT, other products and services and whatever can be bought in bulk. It has had some success – for example with negotiating lower prices for software licences needed across Whitehall. The skills and knowledge of its civil servants are well regarded.

But, like the Government Digital Service, CCS has had limited support from permanent secretaries and other senior officials who’d prefer to protect their autonomy.

It has also been hindered by unachievable promises of billions of pounds in savings. Even CCS’s own managers at the time regarded the Cabinet Office’s plans for huge savings as over-optimistic.

Yesterday [13 December 2016] the National Audit Office published a report that questioned whether CCS has paid its way, let alone cut public sector costs beyond what civil and public servants could have achieved without it.

CCS employed 790 full-time equivalent staff in 2015/16 and had operating costs in one year alone of £66.3m

This was the National Audit Office’s conclusion:

“CCS has not achieved value for money. The Cabinet Office underestimated the difficulty of implementing joint buying for government. With no business case or implementation plan CCS ran into difficulties. Net benefits have not been tracked so it cannot be shown that CCS has achieved more than the former Government Procurement Service would have.

“However, the strategic argument for joint buying remains strong and CCS is making significant changes to improve future services.”

Some of the NAO’s detailed findings:

  • The public sector spends £2.5bn directly with CCS – £8bn less than originally forecast.
  • Seven departments buy directly through CCS – 10 fewer than originally forecast
  • The forecast of £3.3bn net benefits from the creation of CCS over the four years to 2017-18 are  unlikely to materialise.
  • The National Audit Office says the actual net benefits of CCS to date are “unknown”.
  • The Cabinet Office did not track the overall benefits of creating CCS.
  • Most of the planned transfers of procurement staff from central departments and the wider public sector to CCS haven’t happened.
  • Where some of the workforce has transferred, some departments have rehired staff to replace those who transferred.
  • Departments continue to manage their own procurement teams, although they use CCS’s frameworks.
  • CCS was set up with the power to force central departments to use its bulk buying services. But that power wasn’t enforced.
  • The National Audit Office says it is “no longer clear whether CCS has a clear mandate that requires all departments to use it for direct buying… it no longer has a clear timetable or expectation that further departments will transfer staff or buying functions to CCS”.

It’s all a far cry from the expectations set by a Cabinet Office announcement in 2013 which said that CCS will “ensure maximum value for the taxpayer is extracted from every commercial relationship”.

The then Cabinet Office minister Francis Maude said at the time,

“The new Crown Commercial Service will ensure a step change in our commercial capability, giving government a much tighter grip on all aspects of its commercial performance, from market engagement through to contract management.”

Comment

Why CCS has failed so far to make much difference to Whitehall’s costs is not clear. It seems to have been hit by a combination of poor management at the outset, a high turnover of senior officials and ludicrously high expectations, combined with a civil service reluctance in central departments and the wider public sector to cede control over procurement to CCS –  even when it comes to common products and services.

The NAO report is a reminder of a fundamental flaw in the way government works: central departments can’t in practice be forced to do anything. They are a power unto themselves. The Cabinet Office has powers to mandate a change of practice and behaviour in central departments – to which Sir Humphrey can shrug his shoulders and change nothing

Even the Prime Minister is, in practice, powerless to force departments to do something they don’t want to do (except in the case of the miscarriage of justice that involved two Chinook pilots who were eventually cleared of gross negligence because the then defence secretary Liam Fox, through a series of manoeuvres, forced the MoD to set the finding aside).

The CCS may be doomed to failure unless the Cabinet Office rigorously enforces its mandate to make government departments use its buying services.

If the Cabinet Office does not enforce its power, Sir Humphrey will always protect his turf by arguing that the products and services his officials buy – including IT in general – are specific and are usually tailored to the department’s unique and complex needs.

Much to the relief of Sir Humphrey, Francis Maude, the battle-hardened enforcer at the Cabinet Office, has left the House of Commons. He has no comparable replacement.

Are all central initiatives aimed at making  a real dent in the costs of running Whitehall now doomed to failure?

Sir Humphrey knows the answer to that; and he’s wearing a knowing grin.

Crown Commercial Service – National Audit Office report

 

Barnet Council claims £31m savings with Capita – and not an auditor in sight.

By Tony Collins

capita

It’s commendable that Barnet Council has published much material on its three-year review of a £322m 10-year outsourcing contract with Capita.

More than a dozen council reports and appendices cover every aspect of the contract.

The quantity of material seems, on the face of it, to answer critics of the outsourcing deal, among them local bloggers, who have pointed to the lack of reliable evidence of the savings achieved. The suspicion is that costs have increased and council services including ICT have deteriorated since Capita took over in 2013.

Now the council has ostensibly proved that the opposite is the case. Barnet’s press release says,

Barnet Council and Capita contract delivers £31m savings

“A review of a contract between Barnet Council and Capita has demonstrated it is delivering significant benefits to the borough with overall savings of £31 million achieved alongside increased resident satisfaction…

“In terms of satisfaction with services provided, the review, showed 76 per cent of residents were satisfied with the outward-facing customer services, up from 52 per cent before the contract was established.

“This increase was even more significant in respect of face to face services, as 96 per cent of residents who engaged with the council in this way said they were satisfied compared with a previous 35 per cent.

“The review also showed that the cost of delivering the bundle of services provided in the contract is now £6m a year less than before the contract was signed and that 90 per cent of the contract’s key performance indicators being met or exceeded.”

The press release quotes two leaders of the council saying how pleased they were with the contract. Capita calls it a “positive review”.

The review has various mentions of items of additional spending including £9m on ICT and it’s not clear whether the extra sums are taken into account in the savings figures.

Among the review’s suggestions is that the council pay Capita’s annual management fee of £25m up front – a year in advance – instead of every quarter in return for extra savings.

The review also raises the possibility of extending the contract beyond the 10 years in return for additional savings. Capita is “keen” to explore this suggestion (though it could tie the hands of a future council administration).

The review reports were compiled by council officers who reported to a working group of Tory and Labour councillors, under a much-respected Tory chairman. By a small margin, Conservatives run the council.

Lack of independent challenge?

It’s unclear why the council did not commission its audit committee, or auditors, to review the contract. In the past the audit committee has been critical of some aspects of the contract.

For this reason the reports are unlikely to silence critics of Barnet’s outsourcing deal. Council officers compiled the review’s findings, not auditors.

As a result, despite the volume of published written material, there is no evidence that the figures for savings have been independently verified as accurate.

Neither is there independent verification of the methods used by officers for obtaining the figures.

Further, some observers may question the positive tone of the review findings. The “good news” tone may be said to be at odds with the factual neutrality of, say, reports of the National Audit Office.

There are also questions about whether the council is providing enough effective challenge to Capita’s decisions and figures.

At a council committee meeting in November 2016 to discuss the review reports, the most informed challenges to the findings appear to have come not from Barnet councillors but two local bloggers, Mrs Angry and Mr Reasonable, who questioned whether the claimed savings could be more than wiped out by additional spending – including an extra £9m on ICT. They appear to have received no clear answers.

Concerns of some officials

The body of the review reports outline some of the concerns of staff and directors. Mrs Angry quotes some of the concerns from the review reports:

“Transparency of costs, additional charges and project spend were raised as key concerns. It was felt that CSG [Barnet’s Customer and Support Group, for which Capita is responsible] are often reluctant to go above and beyond the requirements of the contract without additional charges.

“Directors reported that the council needs to be more confident that solutions suggested by CSG, particularly for projects and capital spend are best value.

“Concerns were raised that CSG has a disproportionate focus on the delivery of process and KPIs over outcomes, creating a more contractual rather than partnership relationship between CSG and the council. Directors noted that many KPIs are not relevant and their reporting does not reflect actual service performance.”

The Capita contract began in September 2013, under which it provides finance, ICT, HR, Customer Services, Revenues and Benefits, Procurement, Estates and Corporate Programmes.

Comment

On the face of it, Barnet Council’s review of the Capita contract looks comprehensive and impressively detailed.

Looked at closely it’s disappointing – a wasted opportunity.

Had the council wanted the review’s findings to be widely believed, it would have made it uncompromisingly independent, in line with reports by the National Audit Office.

As it is, the review was carried out by council officers who reported to a working group of councillors. The working group comprised Labour as well as Tory councillors but the facts and figures were compiled by officers.

Nearly every page of every Barnet review report has a “good news” feel. There’s an impression that negative findings are played down.

Example:

“It should be noted that the failure to meet the target for KPI 30 related to one quarter only [my italics] and discussions are continuing regarding the application of the above service credit.”

Some negative findings are immediately countered by positive statements:

“CIPFA benchmarking data shows that the cost of the ICT service is slightly above the median, but below upper quartile in terms of the cost of the service as a percentage of organisational running costs.”

Another example of a negative finding immediately countered by a positive one, which may be said to be one hallmark of a non-independent report:

“One key area of concern in terms of overall performance is internal customer satisfaction… Survey results in respect of the financial year 2015/16 were universally poor, with all services failing to meet the target of upper quartile customer satisfaction. As a result, service credits to a total value of £116k have been applied in respect of these KPIs.

“To some extent, a degree of dissatisfaction amongst internal service users is to be expected, given the fact that cost reductions have been achieved to a large extent through increased self-service for both managers and staff, along with more restrictive processes and controls over things like the payment of invoices and the appointment of staff.

“Despite the survey outcomes indicating a low level of satisfaction, the interviews conducted with staff and managers as part of this Review suggest that services are generally considered to be improving.”

Integra ERP financial system a “success” – ?

The review report describes Capita’s introduction of the Integra financial system as “successful”. Elsewhere, however, it says,

“Many users raised issues with the Integra finance system, describing it as clunky and not user-friendly or intuitive.”

Double counting?

There’s no evidence that savings figures have been checked for possible inadvertent double counting on overlapping services. Double counting of savings is regularly found in National Audit Office reports.

“There are no standardised way for departments to evidence the reductions in ongoing expenditure,” said the National Audit Office in a report on Cabinet Office savings in July 2014. “Departments provided poor evidence, and double counting was highly likely as projects reduced staff or estates requirements.”

In a separate report on claimed savings in central government, the National Audit Office quoted the findings of an internal audit …

“A number of errors (instances where the evidence did not support the assertion) were found during our review and total adjusted accordingly … In addition, a number of savings were double counted with other savings categories and these have now been removed…

“We assessed some £200m of other savings as Red because they were double counted due to the same savings having been claimed by different units or, for example, because savings on staff were also claimed through reductions in average case costs.”

Omitted costs?

The omission of relevant costs could skew savings figures. It’s unclear from Barnet’s review reports whether extra spending of millions of pounds on, for example, ICT have been taken into account. Barnet blogger Mr Reasonable, who has a business background, raises the question of whether £65m of additional spending has been taken into account in the savings figures.

Reverse Sir Humphrey phenomenon?

The biggest single flaw in the review reports is that they appear worded to please the councillors who made the decision to outsource – the reverse of the “Sir Humphrey” caricature. The positive tone of Barnet’s reports implies that officers are – naturally – deferring to their political leaders.

In a BBC Radio 4 documentary on Whitehall, former minister Peter Lilley talked about how some officials spend part of their working lives trying to please their political leaders.

“Officials are trying to work out how to interpret and apply policy in line with what the minister’s views on the policy is …. They can only take their minister’s written or spoken word for it and that has a ripple effect on the department far greater than you imagine… Making speeches is the official policy of the department and that creates action.”

Another former minister Francis Maude told the BBC he found that too few officials were willing to say anything the minister did not want to hear.

“The way it should work is for civil servants give very candid well informed advice to ministers about what it is ministers want to do – the risks and difficulties,” said Maude. “My experience this time round in government, 20 years on from when I was previously government, is that the civil service was much less ready to do that.

“There were brilliant civil servants who were perfectly ready to tell you things that they thought you might not want to hear but there were too few of them.”

Barnet’s reviewing officers might have been dispassionately independent in reporting their findings and double checking the supplied figures – but who can tell without any expert independent assessment of the review?

The US Sabanes-Oxley Act, which the Bush administration introduced after a series of financial scandals, defines what is meant by an “independent” audit. The Act prohibits auditing by anyone who has been involved in a management function or provided expert services for the organisation being audited.

That would disqualify every Barnet officer from being involved in an independent audit of their own council’s contract with Capita.

The Act also says that the auditor must not have been an employee of the organisation being audited. Again that would disqualify every Barnet officer from an independent audit of their own council’s contract.

Review a waste of time and money?

It would be wrong to imply that the review is a pointless exercise. It identifies what works well and what doesn’t. It will help officers negotiate changes to the contract and to key performance indicators. For example it’s of little value having a KPI to answer phone calls within 60 seconds if the operator is unable to help the caller.

What the review does not provide is proof of the claimed savings. Barnet’s press release announcing savings of £31m is just that – a press release. It does not pretend to be politically neutral.

But without independent evidence of the claimed savings, it’s impossible for the disinterested observer to say that the Capita contract so far has been a success. Neither does evidence exist it has failed.

Capita share price at 10-year low

What is clear is that fixing some of the more serious problems identified in the report, such as obsolescent IT, will not be easy given the conflict between the continuing need for savings and Capita’s pressing need to improve the value of its business for shareholders, against a backdrop of difficulties on a number of its major contracts [Transport for London, Co-op Bank, NHS] and a share price that was yesterday [30 November 2016] at a ten-year low.

The review also raises a wider question: are most of a council’s busy councillors who come to council meetings in their free time equipped to read through and digest a succession of detailed reports on the three-year interim results of a complex outsourcing contract?

If they do glance through them, will they have enough of a close interest in the subject, and a good understanding of it,  to provide effective challenge to council officers and their political leaders?

If nothing else, the Barnet review shows that councillors in general cannot provide proper accountability on an outsourcing contract as complex as Capita’s deal with Barnet.

Either council tax payers have to put their faith in officers, irrespective of the obvious pressure for officialdom to tell its political leaders what they want to hear, or council taxpayers can put their faith in an independent audit.

Barnet Council has not given its residents any choice.

It’s a pity that when it comes to claimed savings of £31m there’s not an auditor in sight.

Barnet declares its contract a success – Barnet and Whetstone Press

Mr Reasonable – important questions on the Capita review

Mrs Angry – who writes compellingly on the council meeting where the review reports were discussed.

Long may Government Digital Service bring about “creative tension” in Whitehall

By Tony Collins

In a report published yesterday (25 October 2016) the National Audit Office said it will shortly be undertaking a review of the Government Digital Service.

It will study GDS’s “achievements and the  challenges it faces, looking in particular at whether the centre of government is  supporting better use of technology and business transformation in government”.

It mentioned its review of GDS in a report on Progress on the Common Agricultural Policy Delivery Programme. Among other things the report looked at the IT that is supposed to support payments of farmer subsidies.

With GDS’s help Defra’s Rural Payments Agency adopted an agile approach to paying subsidies but the two parties fell out and GDS stopped working on the programme.

The NAO’s report suggests that the Rural Payments Agency is glad to be rid of GDS.

“The GDS no longer has significant involvement in the Programme and the Rural Payments Agency told us it has not sought any further support.

“Its distance from the Programme has allowed the Department [DEFRA] to shift from a focus on agile and digital delivery to an approach that combines agile software development with programme management and governance arrangements with which the RPA is more familiar.”

Government Computing has a good analysis of the NAO report.

Mandarin power

Francis Maude, meanwhile, has warned that the work of GDS, which has helped to “stop the wrong things happening”, is being undermined, reports Public Finance.

Maude, who set up GDS in 2011, blamed mandarins who were trying to reassert their autonomy.

Maude said that developments such  as controls on spending and improvements in service standard assessment processes do not happen spontaneously.

“You have to drive it centrally, and departments, separate ministries and separate agencies prize their autonomy and they will always want to take it back, and that is now happening.

“Just at the moment when the UK has just recently been ranked top in the world for digital government, we are beginning to unwind precisely the arrangements that had led to that and which were being copied in America and Australia and also some other countries as well,” said Maude.

“This is, for me, a pity – there is a sense these old structures in government, which are essentially about preserving the power of the mandarins, are being reasserted.”

He said there was a “continuing need for very strong central strategic leadership with the power backing it up to stop the wrong things happening.”

Tom Kibasi, director of the Institute for Public Policy Research, said any dismantling of GDS illustrated “government’s extraordinary propensity to self harm”.

He said it was very odd that GDS was being “scaled back and unwound at just the moment that it appears to be successful”.

In August 2016 Maude warned that it would be a “black day” if GDS were dismantled.

That said, GDS has its critics.

Comment

A clash of cultures between GDS and the Rural Payments Agency made it almost inevitable that the two sides would fall out. This is also what happened between GDS and the DWP.

Agile-wedded idealists?

If some senior civil servants had their way, particularly at the DWP, GDS would slowly lose its identity and its staff gradually dispersed throughout the civil and public services.

Clearly civil servants at the Rural Payments Agency looked at GDS  as comprising mostly agile-wedded idealists obsessed with technological innovation rather than paying subsidies to farmers.

But long before the arrival of GDS, the RPA had a history of IT failure. Perhaps the RPA would rather be left on its own to fail without GDS’s help?

The latest NAO report is a little more positive about the RPA’s achievements than some past reports.

But this week’s Farmers Weekly, which has reported extensively on delays of correct subsidy payments to farmers, quoted the National Farmers Union as saying that problems from 2015 claims were still far from over.

The future of GDS?

How easy is it for senior officials in any large central department to work closely with the Government Digital Service?

Departments – particularly HMRC and the DWP – cherish their autonomy, so GDS is seen by some permanent secretaries as an unnecessary interference.

And when it comes to the IT of central departments, GDS has no clear role.

But GDS’s creation was a good idea. Without it, departments will be left alone to continue IT spending on a vast scale.

GDS’s admittedly brief challenge at the Rural Payments Agency and at the DWP on the Universal Credit IT programme has, arguably, slightly modernised IT approaches within those departments.

And even if the costs of big Whitehall IT contracts have not changed much, there’s no doubt that the public face of government IT has improved noticeably (eg using digital passport photos for online driving licence renewals),

The more its people are resented by high-ranking civil servants, the better job GDS is probably doing on behalf of the public.

Consensus can sometimes mean complacency. Long may GDS’s relationship with departments be characterised by a state of creative, noble tension.

National Audit Office report “Progress on the Common Agricultural Policy Delivery Programme”.

GDS’s departure from CAP programme leads RPA to ditch agile approach – Government Computing

Is Sir Humphrey trying to kill off GDS and the innovations it stands for?