Tag Archives: Efficiency and Reform Group

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib Dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of Health Information Technology to Improve Care in England” made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream – when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 May 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter – asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security. He is a member of the GCHQ board and its senior information risk owner. He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be a “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack. He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most of the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists]

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs – and the upgrading of medical devices that rely on old operating systems.
  • Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as WannaCrypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship, nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career, ramifications if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Ciaran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 


MPs suggest Cabinet Office is losing its grip on departments – but does it care?

By Tony Collins

The Register has an excellent piece by Kat Hall on how the Cabinet Office is losing its grip on Government departments.

Citing the annual report of the all-party Public Accounts Committee, Hall says there are issues where “departments repeatedly don’t do what they have been told or asked to do by the centre”.

An analysis by The Register found that

“government departments are winning significantly more exemptions to splash the cash on expensive IT projects since the departure of former Cabinet Office minister Francis “Mad Frankie” Maude last year”.

Chair of the Public Accounts Committee Meg Hillier said: “After my second year as Chair I am increasingly concerned about the long-term accountability of senior civil servants.

“The game of musical chairs starts as one Permanent Secretary moves on and they all change jobs in the system. And few are in post long enough to have a vested interest in the long-term aims of their department or a project.

“And there is the age-old tension between a department and central Whitehall through the Cabinet Office.”

Universal Credit and HMRC’s plans to overhaul its Aspire IT contract – the biggest in Europe – were outlined as being two areas of concern. As was the Home Office’s Emergency Services Network.

“The Home Office seemed to downplay the risks to the contract and its being caught unawares by the contractor does not reassure us that the Department is on top of the contract or this project. This could cost the taxpayer dear,” it said.

Comment:

It’s hard to argue with a comment on Hall’s piece by @JagPatel3 who suggests that some in Whitehall are as preoccupied with spin as with the efficient delivery of public services.

“… Government is preoccupied with presentation, manipulation of words and the dark art of spinning – instead of working on its programme of reform to deliver public services efficiently, to satisfy the wants, needs and expectations of the electorate.

“The political imperative of needing to put a positive slant on everything the Government does or will do, irrespective of whether it is true or not, is the reason why spin has become the centrepiece of this Government’s communications strategy.

“And because Government has got a monopoly on inside information (enabling it to maintain extremely tight control), it uses spin to divert attention away from the key issues that really matter to citizens …

“the eagerness with which senior Civil Servants have complied with their political masters’ desire to see policy announcements framed around presentation and spin, at the expense of substance, would explain why their skills set has been narrowed down to this single, dark art.”

The commentator also says that the “intense focus of attention on presentation alone has resulted in a massive gap opening up between the leadership and lower ranks of the Civil Service, who have to deal with the reality of delivering public services on the ground, on a day-to-day basis, which has in itself, led to alienation and disaffection”.

A good summary. Many ordinary civil servants are doing the hard work of delivering public services while a few of their masters are preoccupied with keeping what they do secret and justifying or defending all else that is published in National Audit Office reports, other third-party reports or leaked emails.

It’s hardly surprising the Cabinet Office is losing control of departments. Since Maude’s departure it doesn’t want control. It has become clear that it wants, in a hassle-free way, to continue with Sir Humphrey’s non-integrated approach to government.

The Cabinet Office is just another Whitehall department. Why would it want to be an “enforcer?”

Whitehall to auto-extend outsourcing deals using Brexit as excuse?

By Tony Collins

Type of government procurement spend 2014-2015. ICT is the top item.
Source: National Audit Office

Under a headline “UK outsourcing deals extended because of Brexit workload”, the Financial Times has reported that “hundreds of government contracts with the private sector that were due to expire are to be automatically extended because civil servants are too busy with Brexit to focus on new and better-value tenders”.

The FT says the decision to roll over the contracts could prove expensive for taxpayers because it limits competition and undermines government efforts to improve procurement.

A “procurement adviser to the government” whom the FT doesn’t name, said more than 250 contracts were either close to expiring or had already expired in 2016-17. The adviser told the FT,

“Brexit has pushed them down the list of priorities so there are lots of extensions and re-extensions of existing deals.”

The adviser added that this was the only way civil servants could prioritise the huge increase in Brexit-related work since the referendum.

Extensions

The FT provides no evidence of automatic contract extensions or the claim that deals will be extended because of the civil service’s Brexit workload.

There is evidence, however, that Whitehall officials tend to extend contracts beyond their original expiry date.

In a report published this year on the Cabinet Office’s Crown Commercial Service, the National Audit Office identified 22 framework contracts that were due to expire in 2016-17. Half of them (eleven) were extended beyond their original expiry date.

[The Crown Commercial Service was set up in 2014 to improve state procurement.]

The NAO also found that Whitehall departments – and the Crown Commercial Service – have been awarding contracts using expired framework deals, even though this contravenes public contracting regulations.

In 2015-16, 21 of the 39 frameworks that were due to expire were extended without competition or market testing, according to the NAO.

One example of an extended contract is a deal between Capita and the Department for Work and Pensions which started in 2010. Capita provides eligibility assessments for the personal independent payment allowance, which supports people with long-term ill health or disability.

The five-year deal was extended by two years until July 2019.

Capita has also won a three-year extension to a contract with the Pensions Regulator and the BBC has extended a deal with Capita that was signed originally in 2002 to June 2022 – a total of at least 20 years.

Open competition?

The NAO has found that extending ICT contracts may not always be good for taxpayers. In the later years of their government contracts, suppliers tend to make higher margins (though not always).

There are also suggestions that civil servants will sometimes sign contract extensions when the performance of the supplier does not meet expected standards.

On ICT, the Cabinet Office asks central departments to complete a return every six months for each business process outsourcing and facilities management contract above £20m with strategic suppliers.

The survey asks whether the contract is being delivered on time, to scope, to budget, to the appropriate standards, and whether there have been any disputes.

In one study of government contracts with ICT suppliers, the NAO found that, of 259 returns from departments, 42 highlighted problems that included,

  • failure to achieve milestones
  • dissatisfaction with quality of outputs
  • errors and other issues with delivery
  • poor customer engagement and end user dissatisfaction and
  • failure to meet key performance indicators.

Comment

For taxpayers there is some good news.

A break-up of “Aspire”, the biggest IT outsourcing long-term deal of all, between HMRC and Capgemini (and to a lesser extent Fujitsu) – worth about £9bn – is going ahead this June. An HMRC spokesman says,

“HMRC is on track to complete the phased exit from Aspire, as planned, by June 2017.”

And according to Government Computing, Defra’s IT outsourcing contracts with IBM and Capgemini under a £1.6bn contract called “Unity” are due to expire in 2018 and there are no signs the deals will be extended.

But the Department for Work and Pensions’ huge IT outsourcing contracts with the same major suppliers are renewed routinely and not always with open competition. The DWP says on its website,

“DWP contracts are awarded by competition between potential suppliers, unless there are compelling reasons why competition cannot be used.”

The DWP doesn’t define “compelling”. Nor is it clear whether its auditors look at whether the DWP has put up a compelling case for not putting a large IT contract out to open competition.

In 2014 the Public Accounts Committee, after investigating major suppliers to government, concluded,

“Government is clearly failing to manage performance across the board, and to achieve the best for citizens out of the contracts into which they have entered.

“Government needs a far more professional and skilled approach to managing contracts and contractors, and contractors need to demonstrate the high standards of ethics expected in the conduct of public business, and be more transparent about their performance and costs”.

Breaking up is hard to do

The break up of the huge Aspire IT outsourcing contract at HMRC is an exception, not the rule. The NAO has found that civil servants regard their major incumbent suppliers as safe and less risky than hiring a smaller company (that’s not steeped in Whitehall’s culture).

The NAO has also found that in some cases officials don’t know whether their suppliers are performing well or not. On many ICT contracts there is “open book” accounting, but not all departments have the staff or expertise to check regularly on whether their suppliers’ profits are excessive.

If Whitehall, with exceptions, is continuing to roll over contracts whether it’s legal to do so or not, what incentive exists to stick to the rules?

Brexit?

The FT story suggests Brexit is the reason hundreds of contracts are to be extended automatically. There’s probably truth in the automatic extension of some contracts – but it’s unlikely to be because of Brexit.

It’s unlikely that the civil servants involved in Brexit will be the same ones who are handling ICT contract extensions. That said, Brexit will inevitably put a higher workload on lawyers working for government.

If contracts are being extended automatically, it’s probably because that’s the way it has always been, at least within living memory.

While Sir Humphrey and his senior officials remain only nominally accountable to Parliament for how they spend taxpayers’ money, the easiest option of renewing or extending existing contracts will usually be seen as the best option.

It can be justified with “compelling” arguments such as a need to make an urgent decision in difficult circumstances, or the absence of alternative suppliers who have the necessary skills or the financial strength to accept the risks of failure.

Will anything change?

Until departments have to publish contemporaneously their intentions to award contracts without open competition or there is effective accountability within the civil service for major decisions, little is likely to change.

It hasn’t happened yet and there’s no reason to believe it will. Many politicians including prime ministers have tried to reform the civil service and they haven’t ruffled a single carpet in the corridors of Whitehall.

As Antony Jay, co-writer of Yes Minister, said in January 2013,

“The central anomaly is that civil servants have years of experience, jobs for life, and a budget of hundreds of billions of pounds, while ministers have, usually, little or no experience of the job and could be kicked out tomorrow.

“After researching and writing 44 episodes and a play, I find government much easier to understand by looking at ministers as public relations consultants to the real government – which is, of course, the Civil Service.”

In short, Brexit is likely to be officialdom’s up-to-date excuse for carrying on much as before.

Thank you to @TimMorton2 for alerting me to the FT article.

Large suppliers still dominate government IT

By Tony Collins

In 2012, the then Cabinet Office minister Francis Maude lamented the high costs of government IT and spoke of an “oligopoly” of large suppliers. He suggested things would change.

“… contracts were consistently awarded to a limited number of very large suppliers on long-term exclusive contracts.

“As a result there was inadequate competition and an abdication of control. The concept of having one supplier, aggregated supply, increased project risk and removed competitive tension.

“The Government repeatedly found itself paying large amounts for systems that were delivered late, over budget and which often did not fully meet the original policy requirement.  If indeed, they were delivered at all. There are plenty of well-documented disasters – such as DH’s now terminated National programme for IT.

“Ultimately, the last Government lost control of IT – it outsourced not only delivery, but its entire strategy and ability to shape the future of our public services.

“At the same time smaller, more innovative and efficient suppliers were finding themselves locked out of the supply of services to Government because of what was described by Parliament as a powerful “oligopoly” of large suppliers.

“Procurements took so long only the big companies could absorb the cost – which they naturally passed on to us.

“All in all, we had an approach that was bad for users, bad for the taxpayer and bad for growth.”

Public sector IT spending was up to £20bn a year, he said, adding that “public sector productivity was actually declining”. He outlined how things were changing.

What has happened since?

A report published today by the National Audit Office, “Digital Transformation in Government”, raises a question of how much has changed.

Efforts to boost the SME share of government IT business “have had some impact”, says the National Audit Office, but it adds that “most government procurement with digital and technology suppliers continues to be with large organisations”.

“In 2015-16, 94% of such spending was with large enterprises, a fall of less than one percentage point since 2012-13.”

Today’s NAO report is mainly about the Cabinet Office’s Government Digital Service – GDS. It points out GDS’s strengths and weaknesses but in general does not give any advice on the sensitive point of whether it should have more or less influence on government IT.

On digital transformation, it says that the work of the NAO shows that attempts to transform government have had mixed success.

“Many public services appear increasingly unsustainable. Those responsible for major programmes have continued to exhibit over-optimism and make slow progress towards their objectives.”

It adds,

“Digital transformation has a mixed track record across government. It has not yet provided a level of change that will allow government to further reduce costs while still meeting people’s needs.

“GDS has also struggled to demonstrate the value of its own flagship initiatives such as Verify, or to set out clear priorities between departmental and cross-government objectives.

“GDS’s renewed approach aims to address many of these concerns as it expands and develops into a more established part of government. But there continues to be a risk that GDS is trying to cover too broad a remit with unclear accountabilities.

“To achieve value for money and support transformation across government, GDS needs to be clear about its role and strike a balance between robust assurance and a more consultative approach.”

Comment

The National Audit Office report is strong on facts and quality of research but avoids the big question of how GDS can bring about change when the top brass in departments prefer autonomy to what they see as GDS’s interference.

GDS’s existence goes to the heart of how the civil service runs. It is one part of the civil service trying to bring about change in other parts of the civil service.

And the evidence so far is that the civil service doesn’t like change.

The NAO report disappoints because it doesn’t address how government IT is to change if departments are to continue to run empires unchallenged by GDS or the heads of the civil service. Sir Humphrey is still king.

GDS scrutinises departmental IT spending – spending applications are reviewed by a team of eight people within GDS’s Standards Assurance team – but, much to Sir Humphrey’s delight, GDS’s influence seems to be waning.

When Jack Straw was Justice secretary, he told MPs in 2007 that when he abandoned projects there was a fuss at first and soon nobody noticed the project did not exist.

“There is always the option to abandon things. I did that in the Foreign Office with much complaint that the world might end.

“What happened was that we saved a lot of money and no one ever noticed the fact that that scheme did not exist…it is very frustrating that so many people, including the private sector, are taken in by snake oil salesmen from IT contractors who are not necessarily very competent and make a lot of money out of these things. I am pretty intolerant of this.”

How much has changed? Outsiders including Jack Straw and Francis Maude, together with insiders such as Chris Chant, have pointed to the need for major changes in the way departments manage huge IT budgets, and there have been some improvements: HMRC is breaking up its monolithic “Aspire” contract, citizens may notice that it is now possible to renew passports and driving licences online, and GDS has had an impact in making departments think hard about whether they really need to spend the amounts they do on major IT contracts.

But major change in the costs of government IT seems not just a long way off but unattainable while the dominance of Sir Humphrey remains unchallenged.

Digital Transformation in Government – NAO report

Central buying of IT and other services is a bit of a shambles – just what Sir Humphrey wants?

By Tony Collins

Cabinet Office entrance

Like the Government Digital Service, the Crown Commercial Service was set up as a laudable attempt to cut the huge costs of running central government.

The Cabinet Office under Francis Maude set up the Crown Commercial Service [CCS] in 2014 to cut the costs of buying common products and services for Whitehall and the wider public sector including the NHS and police.

It has a mandate to buy commodity IT, other products and services and whatever can be bought in bulk. It has had some success – for example with negotiating lower prices for software licences needed across Whitehall. The skills and knowledge of its civil servants are well regarded.

But, like the Government Digital Service, CCS has had limited support from permanent secretaries and other senior officials who’d prefer to protect their autonomy.

It has also been hindered by unachievable promises of billions of pounds in savings. Even CCS’s own managers at the time regarded the Cabinet Office’s plans for huge savings as over-optimistic.

Yesterday [13 December 2016] the National Audit Office published a report that questioned whether CCS has paid its way, let alone cut public sector costs beyond what civil and public servants could have achieved without it.

CCS employed 790 full-time equivalent staff in 2015/16 and had operating costs in one year alone of £66.3m.

This was the National Audit Office’s conclusion:

“CCS has not achieved value for money. The Cabinet Office underestimated the difficulty of implementing joint buying for government. With no business case or implementation plan CCS ran into difficulties. Net benefits have not been tracked so it cannot be shown that CCS has achieved more than the former Government Procurement Service would have.

“However, the strategic argument for joint buying remains strong and CCS is making significant changes to improve future services.”

Some of the NAO’s detailed findings:

  • The public sector spends £2.5bn directly with CCS – £8bn less than originally forecast.
  • Seven departments buy directly through CCS – 10 fewer than originally forecast.
  • The forecast of £3.3bn net benefits from the creation of CCS over the four years to 2017-18 is unlikely to materialise.
  • The National Audit Office says the actual net benefits of CCS to date are “unknown”.
  • The Cabinet Office did not track the overall benefits of creating CCS.
  • Most of the planned transfers of procurement staff from central departments and the wider public sector to CCS haven’t happened.
  • Where some of the workforce has transferred, some departments have rehired staff to replace those who transferred.
  • Departments continue to manage their own procurement teams, although they use CCS’s frameworks.
  • CCS was set up with the power to force central departments to use its bulk buying services. But that power wasn’t enforced.
  • The National Audit Office says it is “no longer clear whether CCS has a clear mandate that requires all departments to use it for direct buying… it no longer has a clear timetable or expectation that further departments will transfer staff or buying functions to CCS”.

It’s all a far cry from the expectations set by a Cabinet Office announcement in 2013 which said that CCS will “ensure maximum value for the taxpayer is extracted from every commercial relationship”.

The then Cabinet Office minister Francis Maude said at the time,

“The new Crown Commercial Service will ensure a step change in our commercial capability, giving government a much tighter grip on all aspects of its commercial performance, from market engagement through to contract management.”

Comment

Why CCS has failed so far to make much difference to Whitehall’s costs is not clear. It seems to have been hit by a combination of poor management at the outset, a high turnover of senior officials and ludicrously high expectations, combined with a civil service reluctance in central departments and the wider public sector to cede control over procurement to CCS – even when it comes to common products and services.

The NAO report is a reminder of a fundamental flaw in the way government works: central departments can’t in practice be forced to do anything. They are a power unto themselves. The Cabinet Office has powers to mandate a change of practice and behaviour in central departments – to which Sir Humphrey can shrug his shoulders and change nothing.

Even the Prime Minister is, in practice, powerless to force departments to do something they don’t want to do (except in the case of the miscarriage of justice that involved two Chinook pilots who were eventually cleared of gross negligence because the then defence secretary Liam Fox, through a series of manoeuvres, forced the MoD to set the finding aside).

The CCS may be doomed to failure unless the Cabinet Office rigorously enforces its mandate to make government departments use its buying services.

If the Cabinet Office does not enforce its power, Sir Humphrey will always protect his turf by arguing that the products and services his officials buy – including IT in general – are specific and are usually tailored to the department’s unique and complex needs.

Much to the relief of Sir Humphrey, Francis Maude, the battle-hardened enforcer at the Cabinet Office, has left the House of Commons. He has no comparable replacement.

Are all central initiatives aimed at making a real dent in the costs of running Whitehall now doomed to failure?

Sir Humphrey knows the answer to that; and he’s wearing a knowing grin.

Crown Commercial Service – National Audit Office report

Barnet Council claims £31m savings with Capita – and not an auditor in sight.

By Tony Collins

It’s commendable that Barnet Council has published much material on its three-year review of a £322m 10-year outsourcing contract with Capita.

More than a dozen council reports and appendices cover every aspect of the contract.

The quantity of material seems, on the face of it, to answer critics of the outsourcing deal, among them local bloggers, who have pointed to the lack of reliable evidence of the savings achieved. The suspicion is that costs have increased and council services including ICT have deteriorated since Capita took over in 2013.

Now the council has ostensibly proved that the opposite is the case. Barnet’s press release says,

Barnet Council and Capita contract delivers £31m savings

“A review of a contract between Barnet Council and Capita has demonstrated it is delivering significant benefits to the borough with overall savings of £31 million achieved alongside increased resident satisfaction…

“In terms of satisfaction with services provided, the review showed 76 per cent of residents were satisfied with the outward-facing customer services, up from 52 per cent before the contract was established.

“This increase was even more significant in respect of face to face services, as 96 per cent of residents who engaged with the council in this way said they were satisfied compared with a previous 35 per cent.

“The review also showed that the cost of delivering the bundle of services provided in the contract is now £6m a year less than before the contract was signed and that 90 per cent of the contract’s key performance indicators being met or exceeded.”

The press release quotes two leaders of the council saying how pleased they were with the contract. Capita calls it a “positive review”.

The review has various mentions of items of additional spending including £9m on ICT and it’s not clear whether the extra sums are taken into account in the savings figures.

Among the review’s suggestions is that the council pay Capita’s annual management fee of £25m up front – a year in advance – instead of every quarter in return for extra savings.

The review also raises the possibility of extending the contract beyond the 10 years in return for additional savings. Capita is “keen” to explore this suggestion (though it could tie the hands of a future council administration).

The review reports were compiled by council officers who reported to a working group of Tory and Labour councillors, under a much-respected Tory chairman. By a small margin, Conservatives run the council.

Lack of independent challenge?

It’s unclear why the council did not commission its audit committee, or auditors, to review the contract. In the past the audit committee has been critical of some aspects of the contract.

For this reason the reports are unlikely to silence critics of Barnet’s outsourcing deal. Council officers compiled the review’s findings, not auditors.

As a result, despite the volume of published written material, there is no evidence that the figures for savings have been independently verified as accurate.

Neither is there independent verification of the methods used by officers for obtaining the figures.

Further, some observers may question the positive tone of the review findings. The “good news” tone may be said to be at odds with the factual neutrality of, say, reports of the National Audit Office.

There are also questions about whether the council is providing enough effective challenge to Capita’s decisions and figures.

At a council committee meeting in November 2016 to discuss the review reports, the most informed challenges to the findings appear to have come not from Barnet councillors but two local bloggers, Mrs Angry and Mr Reasonable, who questioned whether the claimed savings could be more than wiped out by additional spending – including an extra £9m on ICT. They appear to have received no clear answers.

Concerns of some officials

The body of the review reports outlines some of the concerns of staff and directors. Mrs Angry quotes some of the concerns from the review reports:

“Transparency of costs, additional charges and project spend were raised as key concerns. It was felt that CSG [Barnet’s Customer and Support Group, for which Capita is responsible] are often reluctant to go above and beyond the requirements of the contract without additional charges.

“Directors reported that the council needs to be more confident that solutions suggested by CSG, particularly for projects and capital spend are best value.

“Concerns were raised that CSG has a disproportionate focus on the delivery of process and KPIs over outcomes, creating a more contractual rather than partnership relationship between CSG and the council. Directors noted that many KPIs are not relevant and their reporting does not reflect actual service performance.”

The Capita contract began in September 2013, under which it provides finance, ICT, HR, Customer Services, Revenues and Benefits, Procurement, Estates and Corporate Programmes.

Comment

On the face of it, Barnet Council’s review of the Capita contract looks comprehensive and impressively detailed.

Looked at closely it’s disappointing – a wasted opportunity.

Had the council wanted the review’s findings to be widely believed, it would have made it uncompromisingly independent, in line with reports by the National Audit Office.

As it is, the review was carried out by council officers who reported to a working group of councillors. The working group comprised Labour as well as Tory councillors but the facts and figures were compiled by officers.

Nearly every page of every Barnet review report has a “good news” feel. There’s an impression that negative findings are played down.

Example:

“It should be noted that the failure to meet the target for KPI 30 related to one quarter only [my italics] and discussions are continuing regarding the application of the above service credit.”

Some negative findings are immediately countered by positive statements:

“CIPFA benchmarking data shows that the cost of the ICT service is slightly above the median, but below upper quartile in terms of the cost of the service as a percentage of organisational running costs.”

Another example of a negative finding immediately countered by a positive one, which may be said to be one hallmark of a non-independent report:

“One key area of concern in terms of overall performance is internal customer satisfaction… Survey results in respect of the financial year 2015/16 were universally poor, with all services failing to meet the target of upper quartile customer satisfaction. As a result, service credits to a total value of £116k have been applied in respect of these KPIs.

“To some extent, a degree of dissatisfaction amongst internal service users is to be expected, given the fact that cost reductions have been achieved to a large extent through increased self-service for both managers and staff, along with more restrictive processes and controls over things like the payment of invoices and the appointment of staff.

“Despite the survey outcomes indicating a low level of satisfaction, the interviews conducted with staff and managers as part of this Review suggest that services are generally considered to be improving.”

Integra ERP financial system a “success” – ?

The review report describes Capita’s introduction of the Integra financial system as “successful”. Elsewhere, however, it says,

“Many users raised issues with the Integra finance system, describing it as clunky and not user-friendly or intuitive.”

Double counting?

There’s no evidence that savings figures have been checked for possible inadvertent double counting on overlapping services. Double counting of savings is regularly found in National Audit Office reports.

“There is no standardised way for departments to evidence the reductions in ongoing expenditure,” said the National Audit Office in a report on Cabinet Office savings in July 2014. “Departments provided poor evidence, and double counting was highly likely as projects reduced staff or estates requirements.”

In a separate report on claimed savings in central government, the National Audit Office quoted the findings of an internal audit …

“A number of errors (instances where the evidence did not support the assertion) were found during our review and total adjusted accordingly … In addition, a number of savings were double counted with other savings categories and these have now been removed…

“We assessed some £200m of other savings as Red because they were double counted due to the same savings having been claimed by different units or, for example, because savings on staff were also claimed through reductions in average case costs.”

Omitted costs?

The omission of relevant costs could skew savings figures. It’s unclear from Barnet’s review reports whether extra spending of millions of pounds on, for example, ICT has been taken into account. Barnet blogger Mr Reasonable, who has a business background, raises the question of whether £65m of additional spending has been taken into account in the savings figures.

Reverse Sir Humphrey phenomenon?

The biggest single flaw in the review reports is that they appear worded to please the councillors who made the decision to outsource – the reverse of the “Sir Humphrey” caricature. The positive tone of Barnet’s reports implies that officers are – naturally – deferring to their political leaders.

In a BBC Radio 4 documentary on Whitehall, former minister Peter Lilley talked about how some officials spend part of their working lives trying to please their political leaders.

“Officials are trying to work out how to interpret and apply policy in line with what the minister’s views on the policy is …. They can only take their minister’s written or spoken word for it and that has a ripple effect on the department far greater than you imagine… Making speeches is the official policy of the department and that creates action.”

Another former minister Francis Maude told the BBC he found that too few officials were willing to say anything the minister did not want to hear.

“The way it should work is for civil servants to give very candid well informed advice to ministers about what it is ministers want to do – the risks and difficulties,” said Maude. “My experience this time round in government, 20 years on from when I was previously in government, is that the civil service was much less ready to do that.

“There were brilliant civil servants who were perfectly ready to tell you things that they thought you might not want to hear but there were too few of them.”

Barnet’s reviewing officers might have been dispassionately independent in reporting their findings and double checking the supplied figures – but who can tell without any expert independent assessment of the review?

The US Sarbanes-Oxley Act, which the Bush administration introduced after a series of financial scandals, defines what is meant by an “independent” audit. The Act prohibits auditing by anyone who has been involved in a management function or provided expert services for the organisation being audited.

That would disqualify every Barnet officer from being involved in an independent audit of their own council’s contract with Capita.

The Act also says that the auditor must not have been an employee of the organisation being audited. Again that would disqualify every Barnet officer from an independent audit of their own council’s contract.

Review a waste of time and money?

It would be wrong to imply that the review is a pointless exercise. It identifies what works well and what doesn’t. It will help officers negotiate changes to the contract and to key performance indicators. For example it’s of little value having a KPI to answer phone calls within 60 seconds if the operator is unable to help the caller.

What the review does not provide is proof of the claimed savings. Barnet’s press release announcing savings of £31m is just that – a press release. It does not pretend to be politically neutral.

But without independent evidence of the claimed savings, it’s impossible for the disinterested observer to say that the Capita contract so far has been a success. Neither does evidence exist that it has failed.

Capita share price at 10-year low

What is clear is that fixing some of the more serious problems identified in the report, such as obsolescent IT, will not be easy given the conflict between the continuing need for savings and Capita’s pressing need to improve the value of its business for shareholders, against a backdrop of difficulties on a number of its major contracts [Transport for London, Co-op Bank, NHS] and a share price that was yesterday [30 November 2016] at a ten-year low.

The review also raises a wider question: are most of a council’s busy councillors who come to council meetings in their free time equipped to read through and digest a succession of detailed reports on the three-year interim results of a complex outsourcing contract?

If they do glance through them, will they have enough of a close interest in the subject, and a good understanding of it, to provide effective challenge to council officers and their political leaders?

If nothing else, the Barnet review shows that councillors in general cannot provide proper accountability on an outsourcing contract as complex as Capita’s deal with Barnet.

Either council tax payers have to put their faith in officers, irrespective of the obvious pressure for officialdom to tell its political leaders what they want to hear, or council taxpayers can put their faith in an independent audit.

Barnet Council has not given its residents any choice.

It’s a pity that when it comes to claimed savings of £31m there’s not an auditor in sight.

Barnet declares its contract a success – Barnet and Whetstone Press

Mr Reasonable – important questions on the Capita review

Mrs Angry – who writes compellingly on the council meeting where the review reports were discussed.

DWP derides claimant complaints over digital rollout of Universal Credit

By Tony Collins

Less than 24 hours after the Institute for Government criticised the DWP’s “tendency not to acknowledge bad news”, the department’s press office has poured scorn on complaints to an MP about problems with the rollout of Universal Credit’s “digital” system.

A spokesman for the Department for Work and Pensions has described as “anecdotal” complaints by the public about the “full” digital Universal Credit system in south London.

The DWP has declined to publish reports that would give a factual account of the performance of the Universal Credit digital system during rollout. Its spokespeople can therefore describe claimant complaints as “anecdotal”.

Cheap

Ministers hope that the in-house and cheaply-developed “full” digital system will ultimately replace a “live” service that has many workarounds, has cost hundreds of millions of pounds, has been built by the DWP’s traditional IT suppliers, and deals with only limited groups of claimants.

But the agile-developed digital system has had its problems at a pilot site in Scotland – where the DWP described claimant complaints of being left penniless as “small-scale”.

Now similar problems with the digital system have emerged in south London.

Carshalton and Wallington Liberal Democrat MP Tom Brake told the Guardian yesterday that “on a weekly basis I see residents who don’t receive payments or are forced to use a clunky system which is unusable and unsuitable for people with disabilities.”

He added,

“Every day new problems arise as a result of poor staff training, IT failures and poor IT systems.” He said problems with a local pilot scheme of the digital system are having a serious effect on many people’s lives.

Problems highlighted by Brake include:

  • Flaws in the online system that prevent people from uploading copies of bank statements and other documents needed to secure payments for childcare places.
  • Long administrative delays and mix-ups over payments to claimants, frequently resulting in their running up arrears or being forced to turn to food banks.
  • Failure to pay, or abruptly ceasing without warning to pay, housing costs on behalf of vulnerable claimants, leaving them at risk of eviction.

A DWP spokesman told the Guardian, “It’s misleading to draw wider conclusions from the anecdotal evidence of a small number of people.

“The reality is people claiming universal credit are moving into work faster and staying in work longer than under the previous system. We are rolling out the UC service to all types of benefit claimants in a safe and controlled way so we can ensure it is working effectively for everyone.”

Not accepting bad news

Yesterday the Institute for Government published two reports on Universal Credit, focusing on the political, managerial and IT aspects. One of the reports “Learning Lessons from Universal Credit” by Emma Norris and Jill Rutter referred to the DWP’s need to combat its ‘no bad news’ culture.

It said the DWP had a “tendency to not acknowledge bad news, or to acknowledge it insufficiently”. It said the “good news culture that prevailed within the DWP, with a reluctance to tell ministers of emerging problems, was a real barrier to identifying and addressing them”.

Two Parliamentary committees, the Public Accounts Committee and the Work and Pensions Committee, have criticised the DWP’s inability to face up to bad news, and its selective approach to the dissemination of information.

“Burst into tears”

The other Institute for Government report published yesterday on Universal Credit – Universal Credit, from disaster to recovery? – quoted an insider as saying that some of those in the DWP’s IT team at Warrington burst into tears, so relieved were they to discover that they could tell someone the truth about problems with Universal Credit’s digital system.

In a DWP paper that an FOI tribunal judge has ruled can be disclosed, the DWP conceded that officials lacked “candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

Comment

Problems with the digital system are to be expected.

What’s not acceptable is the DWP’s patronising or scoffing attitude towards claimants who’ve experienced problems with the systems.

In describing the complaints to MP Tom Brake as “anecdotal” the DWP’s hierarchy is aware that it is keeping secret reports that give the facts on the performance of the digital system at pilot sites.

Indeed the DWP is habitually refusing FOI requests to publish reports on the performance of its IT systems, which enables it to describe all claimant complaints as “anecdotal”.

Test and see

The DWP is taking a “test and see” approach to the roll-out of Universal Credit’s digital system. This means in essence it is using the public as test guinea pigs.

Harsh though this will sound, the DWP’s testing philosophy is understandable. Trying out the digital system on claimants may be the only practical way to bring to the surface all the possible problems. There may be too many complexities in individual circumstances to conduct realistic tests offline.

But why can’t the DWP be open about its digital test strategy? Are its officials – including press officers – locked forever into the culture of “no bad news”?

This denial culture, if it’s maintained, will require the DWP to mislead Parliamentary committees, MPs in general, the public and even stakeholders such as local authorities.

Two select committee reports have criticised the DWP’s prevarications and obfuscations. A chairwoman of the Work and Pensions Committee, Dame Anne Begg, referred to the DWP’s tendency to “sweep things under the carpet”.

The Institute for Government referred to even ministers being kept away from bad news.

Other evidence emerged in July 2016 of the DWP’s deep antipathy to external scrutiny and criticism.

It seems that the DWP, with its culture of denial and accepting good news only, would be more at home operating in the government administrations of China, North Korea or Russia.

Isn’t it time the DWP started acknowledging complaints about Universal Credit systems, apologising and explaining what it was doing about resolving problems?

That’s something the governments of China, North Korea and Russia are unlikely to do when something goes wrong.

For decades the DWP has been defensive, introspective and dismissive of all external criticism. It has misled MPs.

And it has done so with an almost eager, cheerful willingness.

But it’s never too late to change.

Digital Universal Credit system is plagued with errors, says MP

Excellent reports on lessons from Universal Credit IT are published today – but who’s listening?

Analysis of Universal Credit IT document the DWP didn’t want published

Inside Universal Credit IT – analysis of document the DWP didn’t want published

By Tony Collins

Written evidence the Department for Work and Pensions submitted to an FOI tribunal – but did not want published (ever) – reveals that there was an internal “lack of candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

It’s the first authoritative confirmation by the DWP that it has not always been open and honest when dealing with the media on the state of the Universal Credit IT programme.

FOI tribunal grants request to publish DWP's written submission

According to the DWP submission, senior officials on the Programme became so concerned about leaks that a former member of the security services was brought in to lead an investigation. DWP staff and managers were the subjects of “detailed interviews”. Employee emails were “reviewed”, as were employee access rights to shared electronic areas.

Staff became “paranoid” about accidentally leaving information on a printer. Some of the high-security measures appear still to be in place.

Unpublished until now, the DWP’s written legal submission referred, in part, to the effects on employees of leak investigations.

The submission was among the DWP’s written evidence to an FOI Tribunal in February 2016.

The Government Legal Service argued that the DWP’s written evidence was for the purposes of the tribunal only. It should not be published or passed to an MP.

The Legal Service went further: it questioned the right of an FOI Tribunal to decide on whether the submission could be published. Even so a judge has ruled that the DWP’s written evidence to the tribunal can be published.

Excerpts from the submission are here.

Analysis and Comment

The DWP’s submission gives a unique glimpse into day-to-day life and corporate sensitivities at or near the top of the Universal Credit IT programme.

It reveals the lengths to which senior officials were willing to go to stop any authoritative “bad news” on the Universal Credit IT programme leaking out. Media speculation DWP’s senior officials do not seem to mind. What appears to concern them is the disclosure of any credible internal information on how things are progressing on Universal Credit IT.

Confidential

Despite multiple requests from IT suppliers, former government CIOs and MPs, for Whitehall to publish its progress reports on big IT-based change programmes (some examples below), all central departments keep them confidential.

That sensitivity has little to do with protecting personal data.

It’s likely that reviews of projects are kept confidential largely because they could otherwise expose incompetence, mistakes, poor decisions, risks that are likely to materialise, large sums that have been wasted or, worst of all, a project that should have been cancelled long ago and possibly re-started, but which has been kept going in its original form because nobody wanted to own up to failure.

On this last point, former government CIO and permanent secretary Ian Watmore spoke to MPs in 2009 about how to fix government IT. He said,

“An innovative organisation tries a lot of things and sometimes things do not work. I think one of the valid criticisms in the past has been when things have not worked, government has carried on trying to make them work well beyond the point at which they should have been stopped.”

Individual accountability for failure?

Oblivious to MPs’ requests, the DWP routinely refuses FOI requests to publish IT progress reports, even when they are several years old and even though by then the officials and ministers involved will probably have moved on. Individual accountability for failure therefore continues to be non-existent.

Knowing this, MPs on two House of Commons select committees, Public Accounts and Work and Pensions, have called for the publication of reports such as “Gateway” reviews.

This campaign for more openness on government IT projects has lasted nearly three decades. And still Whitehall never publishes any contemporaneous progress reports on big IT programmes.

It took an FOI campaigner and IT projects professional John Slater [@AmateurFOI] three years of legal proceedings to persuade the DWP to release some old reports on the Universal Credit IT programme (a risk register, milestone schedule and issues log). And he had the support of the Information Commissioner’s legal team.

When the DWP reluctantly released the 2012 reports in 2016 – and only after an informal request by the then DWP secretary of state Stephen Crabb – pundits were surprised at how prosaic the documents were.

Yet we now know, thanks to the DWP’s submission, the lengths to which officials will go to stop such documents leaking out.

Understandable?

Some at the DWP are likely to see the submission as explaining some of the understandable measures any government department would take to protect sensitive information on its largest project, Universal Credit. The DWP is the government’s largest department. It runs some of the world’s biggest IT systems. It possesses personal information on nearly everyone in Britain. It has to make the protection of its information a top priority.

Others will see the submission as proof that the DWP will do all it can to honour a decades-old Whitehall habit of keeping bad news to itself.

Need for openness

It’s generally accepted that success in running big IT-enabled change programmes requires openness – with staff and managers, and with external organisations and agencies.

IT-based change schemes are about solving problems. An introspective “good news only” culture may help to explain why the DWP has a poor record of managing big and successful IT-based projects and programmes. The last time officials attempted a major modernisation of benefit systems in the 1990s – called Operational Strategy – the costs rose from £713m to £2.6bn and the intended objective of joining up the IT as part of a “whole person” concept, did not happen.

Programme papers “watermarked”

The DWP’s power, mandate and funding come courtesy of the public. So do officials, in return, have the right to keep hidden mistakes and flawed IT strategies that may lead to a poor use – or wastage – of hundreds of millions of pounds, or billions?

The DWP’s submission reveals that recommendations from its assurance reports (low-level reports on the state of the IT programme including risks and problems) were not circulated and a register was kept of who had received them.

Concern over leaks

The submission said that surveys on staff morale ceased after concerns about leaks. IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”. For added security, Universal Credit programme papers were watermarked.

When a former member of the security services was brought in to conduct a leaks investigation, staff and managers were invited by the DWP’s most senior civil servant to “speak to the independent investigator if they had any information”. This suggests that staff were expected to inform on any suspect colleagues.

People “stopped sharing comments which could be interpreted as criticism of the [Universal Credit IT] Programme,” said the submission. “People became suspicious of their colleagues – even those they worked closely with.

“There was a lack of trust and people were very careful about being honest with their colleagues…

“People felt they could no longer share things with colleagues that might have an honest assessment of difficulties or any negative criticism – many staff believed the official line was, ‘everything is fine’.

“People, even now, struggle to trust colleagues with sensitive information and are still fearful that anything that is sent out via email will be misused.

“For all governance meetings, all documents are sent out as password protected, with official security markings included, whether or not they contain sensitive information.”

“Defensive”

Lines to take with the media were added to a “Rolling Brief”, an internal update document, that was circulated to senior leaders of the Universal Credit IT programme, the DWP press office and special advisors.

These “lines to take” were a “defensive approach to media requests”. They emphasised the “positive in terms of progress with the Programme without acknowledging the issues identified in the leaked stories”.

This positive approach to briefing and media management “led to a lack of candour and honesty through the Programme and publicly …”

How the DWP’s legal submission came about is explained in this separate post.

Were there leaks of particularly sensitive information?

It appears not. The so-called leaks revealed imperfections in the running of the Universal Credit programme; but there was no personal information involved. Officials were concerned about the perceived leak of a Starting Gate Review to the Telegraph (although the DWP had officially lodged the review with the House of Commons library).

The DWP also mentioned in its statement a leak to the Guardian of the results of an internal “Pulse” survey of staff morale – although it’s unclear why the survey wasn’t published officially given its apparent absence of sensitive commercial, personal, corporate or governmental information.

NPfIT

The greater the openness in external communications, the less likely a natural scepticism of new ways of working will manifest in a distrust of the IT programme as a whole.

The NHS’s National Programme for IT (NPfIT) – then the UK’s biggest IT programme costing about £10bn – was dismantled in 2011 after eight fraught years. One reason it was a disaster was the deep distrust of the NPfIT among clinicians, hospital technologists, IT managers, GPs and nurses. They had listened with growing scepticism to Whitehall’s oft-repeated “good news” announcements.

Ex-Government CIO wanted more openness on IT projects

When MPs have asked the DWP why it does not publish reports on the progress of IT-enabled projects, it has cited “commercial confidentiality”.

But in 2009, Ian Watmore (the former Government CIO) said in answer to a question by Public Accounts Committee MP Richard Bacon that he’d endorse the publication of Gateway reviews, which are independent assessments of the achievements, inadequacies, risks, progress and challenges on risky IT-based programmes.

“I am with you in that I would prefer Gateway reviews to be published because of the experience we had with capability reviews (published reports on a department’s performance). We had the same debate (as with Gateway reviews) and we published them. It caused furore for a few weeks but then it became a normal part of the furniture,” said Watmore.

Capability reviews are no longer published. The only “regular” reports of Whitehall progress with big IT programmes are the Infrastructure and Projects Authority’s annual reports. But these do not include Gateway reviews or other reports on IT projects and programmes. The DWP and other departments publish only their own interpretations of project reviews.

In the DWP’s latest published summary of progress on the Universal Credit IT programme, dated July 2016, the focus is on good news only.

But this creates a mystery. The Infrastructure and Projects Authority gave the Universal Credit programme an “amber” rating in its annual report which was published this month. But neither the DWP nor the Authority has explained why the programme wasn’t rated amber/green or green.

MPs and even IT suppliers want openness on IT projects

In 2004 HP, the DWP’s main IT supplier, told a Work and Pensions Committee inquiry entitled “Making IT work for DWP customers” that “within sensible commercial parameters, transparency should be maintained to the greatest possible extent on highly complex programmes such as those undertaken by the DWP”.

The Work and Pensions Committee spent seven months investigating IT in the DWP and published a 240-page volume of oral and written evidence in July 2004. On the matter of publishing “Gateway” reviews on the progress or otherwise of big IT projects, the Committee concluded,

“We found it refreshing that major IT suppliers should be content for the [Gateway] reviews to be published. We welcome this approach. It struck us as very odd that of all stakeholders, DWP should be the one which clings most enthusiastically to commercial confidentiality to justify non-disclosure of crucial information, even to Parliament.”

The Committee called for Gateway reviews to be published. That was 12 years ago – and it hasn’t happened.

Four years later the Committee found that the 19 most significant DWP IT projects were over-budget or late.

In 2006 the National Audit Office reported on Whitehall’s general lack of openness in a report entitled “Delivering successful IT-enabled business change”.

The report said,

“The Public Accounts Committee has emphasised frequently the need for greater transparency and accountability in departments’ performance in managing their programmes and projects and, in particular, that the result of OGC Gateway Reviews should be published.”

But today, DWP officials seem as preoccupied as ever with concealing bad news on their big IT programmes including Universal Credit.

The costs of concealment

The DWP has had important project successes, notably pension credits, which was listed by the National Audit Office as one of 24 positive case studies.

But the DWP has also wasted tens of millions of pounds on failed IT projects.

Projects with names such as “Camelot” [Computerisation and Mechanisation of Local Office Tasks] and “Assist” [Analytical Services Statistical Information System] were cancelled with losses of millions of pounds. More recently the DWP has run into problems on several big projects.

“Abysmal”

On 3 November 2014 the then chairman of the Public Accounts Committee Margaret Hodge spoke on Radio 4’s Analysis of the DWP’s “abysmal” management of IT contracts.

1984

As long ago as 1984, the House of Commons Public Accounts Committee called for the civil service to be more open about its progress on major computer projects.

Today there are questions about whether the Universal Credit IT will succeed. Hundreds of millions has already been spent. Yet, as mentioned earlier, current information on the progress of the DWP’s IT programmes remains a state secret.

It’s possible that progress on the Universal Credit IT programme has been boosted by the irregular (but thorough) scrutiny by the National Audit Office. That said, as soon as NAO reports on Universal Credit are published, ministers and senior officials who have seen copies in advance routinely dismiss any criticisms as retrospective and out-of-date.

Does it matter if the DWP is paranoid about leaks?

A paper published in 2009 looks at how damaging it can be for good government when bureaucracies lack internal challenge and seek to impose on officials a “good news” agenda, where criticism is effectively prohibited.

The paper quoted the then Soviet statesman Mikhail Gorbachev as saying, in a small meeting with leading Soviet intellectuals,

“The restructuring is progressing with great difficulty. We have no opposition party. How then can we control ourselves? Only through criticism and self-criticism. Most important: through glasnost.”

Non-democratic regimes fear a free flow of information because it could threaten political survival. In Russia there was consideration of partial media freedom to give incentives to bureaucrats who would otherwise have no challenge, and no reason to serve the state well, or avoid mistakes.

The Chernobyl nuclear disaster, which occurred on April 26, 1986, was not acknowledged by Soviet officials for two days, and only then after news had spread across the Western media.

The paper argued that a lack of criticism could keep a less democratic government in power. But it can lead to a complacency and incompetence in implementing policy that even a censored media cannot succeed in hiding.

As one observer noted after Chernobyl (Methvin in National Review, Dec. 4, 1987),

“There surely must be days—maybe the morning after Chernobyl—when Gorbachev wishes he could buy a Kremlin equivalent of the Washington Post and find out what is going on in his socialist wonderland.”

Red team

A lack of reliable information on the state of the Universal Credit IT programme prompted the then secretary of state Iain Duncan Smith to set up his own “red team” review.

That move was not known about at the time. Indeed in December 2012 – at a point when the DWP was issuing public statements on the success of the Universal Credit Programme – the scheme was actually in trouble. The DWP’s legal submission said,

“In summary we concluded (just before Christmas 2012) that the IT system that had been developed for the launch of UC [Universal Credit] had significant problems.”

One wonders whether DWP civil servants kept Duncan Smith in the dark because they themselves had not been fully informed about what was going on, or because they thought the minister was best protected from knowing what was going on, deniability being one key Whitehall objective.

But in the absence of reliable internal information a political leader can lose touch completely, said the paper on press freedom.

“On December 21, 1989, after days of local and seemingly limited unrest in the province of Timişoara, Ceausescu called for a grandiose meeting at the central square of Bucharest, apparently to rally the crowds in support of his leadership. In a stunning development, the meeting degenerated into anarchy, and Ceausescu and his wife had to flee the presidential palace, only to be executed by a firing squad two days later.”

Wrong assumptions

Many times, after the IT media has published articles on big government IT-based project failures, TV and radio journalists have asked to what extent the secretary of state was responsible and why he hadn’t acted to stop millions of pounds being wasted.

But why do broadcast journalists assume ministers control their departments? It is usually more likely that ministers know little about the real risks of failure until it is too late to act decisively.

Lord Bach, a minister at DEFRA, told a House of Commons inquiry in 2007 into the failure of the IT-based Single Payment Scheme that he was aware of the risks but still officials told him that systems would work as planned and farmers would receive payments on time. They didn’t. Chaos ensued.

Said Lord Bach,

“I do think that, at the end of the day, some of the advice that I received from the RPA [Rural Payments Agency] was over-optimistic.”

Another DEFRA minister at the time, Lord Whitty, who was also partly in charge of the Single Payment Scheme, told the same inquiry,

“Perhaps I ought also to say that this was the point at which I felt the advice I was getting was most misleading, and I have used the term ‘misleading’ publicly but I would perhaps prefer to rephrase that in the NAO terms …”

Even the impressive Stephen Crabb – who has now quit as DWP secretary of state – didn’t stand much of a chance of challenging his officials. The department’s contracts, IT and other affairs, are so complex and complicated – there are bookcases full of rules and regulations on welfare benefits – that any new ministers soon find themselves overwhelmed with information and complexity.

They will soon realise they are wholly dependent on their officials; and it is the officials who decide what to tell the minister about internal mistakes and bad decisions. Civil servants would argue that ministers cannot be told everything or they would be swamped.

But the paper on press freedom said that in order to induce high effort within a bureaucracy, the leader needs “verifiable information on the bureaucrats’ performance”.

The paper made a fascinating argument that the more complacent the bureaucracy, the more aggressively it would control information. Some oil-rich countries, said the paper, have less media freedom than those with scarcer resources.

“Consistent with our theory, [some] non-democratic countries … have vast resources and poor growth performance, while the Asian tigers (South Korea, Taiwan, Hong Kong, and Singapore), while predominantly non-democratic in the 1970s and 1980s, have high growth rates and scarce natural resource.”

In an apparent opening up of information, the government in China passed a law along the lines of the U.S. Freedom of Information Act (“China Sets Out to Cut Secrecy, but Laws Leave Big Loopholes,” New York Times, Apr. 25, 2007). But was this law self-serving? It, and the launch of local elections, provided the central government with relatively reliable information on the performance of provincial bosses.

These stories from less democratic countries may be relevant in Britain because politicians here, including secretaries of state, seem to be the last to know when a big IT-based programme is becoming a disaster.

Bad news

Whitehall’s preoccupation with “good news only” goes well beyond the DWP.

IT auditors Arthur D Little, in a forensic analysis of the delays, cost over-runs and problems on the development of a huge air traffic control IT project for National Air Traffic Services, whose parent was then the Civil Aviation Authority, which was part of the Department for Transport, referred to an “unwillingness to face up to and discuss bad news”.

Ministers helpless to force openness on unwilling officials?

Francis Maude came to the Cabinet Office with a reforming zeal and a sophisticated agenda for forcing through more openness, but the effects of his efforts began to evaporate as soon as he left office. Even when he was at the height of his power and influence, he was unable to persuade civil servants to publish Gateway reviews, although he’d said when in opposition that he intended to publish them.

His negotiations ended with central departments agreeing to publish only the “traffic light” status of big projects – but only after a minimum delay of at least six months. In practice the delay is usually a year or more.

Brexit

Brexit campaigners argue that the EC is undemocratic, that decisions are taken in Brussels in secret by unelected bureaucrats. But the EC is at least subject to the scrutiny, sometimes the competing scrutiny, of 29 countries.

Arguably Whitehall’s departments are also run by unelected bureaucrats who are not subject to any effective scrutiny other than inspections from time to time of the National Audit Office.

Yes Minister parodied Sir Humphrey’s firm grip on what the public should and should not be told. Usually his recommendation was that the information should be misleadingly reassuring. This was close enough to reality to be funny. And yet close enough to reality to be serious as well. It revealed a fundamental flaw in democracy.

Nowhere is that flaw more clearly highlighted than in the DWP’s legal submission. Is it any surprise that the DWP did not want the submission published?

If officials had the choice, would they publish any information that they did not control on any of their IT projects and programmes?

That’s where the indispensable work of the National Audit Office comes into the picture – but it alone, even with the help of the Public Accounts Committee, cannot plug the gaping hole in democracy that the DWP’s submission exposes.

These are some thoughts I am left with after reading the legal submission in the light of the DWP’s record on the management of IT-based projects …

  • Press freedom and the free flow of information cannot be controlled in a liberal democracy. But does Whitehall have its own subtle – and not so subtle – ways and means?
  • In light of the DWP’s track record, the public and the media are entitled to distrust whatever ministers and officials say publicly about their own performance on IT-related programmes, including Universal Credit.
  • More worryingly, would the DWP’s hierarchy care a jot if the media and public didn’t believe what the department said publicly about progress on big projects such as Universal Credit?
  • Is the DWP’s unofficial motto: Better to tell a beautiful lie than an ugly truth?
  • AL Kennedy mentioned the “botched” Universal Credit programme  when she gave a “point of view” on Radio 4 last week. Not referring specifically to Universal Credit she said facts can be massaged but nature can’t be fooled. A girder that won’t hold someone’s weight is likely to fail however many PR-dominated assurance reports have gone before. “Facts are uncompromising and occasionally grim. I wish they weren’t. Avoiding them puts us all at increased risk,” she said.

 Excerpts from the DWP submission

Aspire: eight lessons from the UK’s biggest IT contract

By Tony Collins

How do you quit a £10bn IT contract in which suppliers have become limbs of your organisation?

Thanks to reports by the National Audit Office, the questioning of HMRC civil servants by the Public Accounts Committee, answers to FOI requests, and job adverts for senior HMRC posts, it’s possible to gain a rare insight into some of the sensitive commercial matters that are usually hidden when the end of a huge IT contract draws closer.

Partly because of the footnotes, the latest National Audit Office memorandum on Aspire (June 2016) has insights that make it one of the most incisive reports it has produced on the department’s IT in more than 30 years.

Soaring costs?

Aspire is the government’s biggest IT-related contract. Inland Revenue, as it was then, signed a 10-year outsourcing deal with HP (then EDS) in 1994, and transferred about 2,000 civil servants to the company. The deal was expected to cost £2bn over 10 years.

After Customs and Excise, with its Fujitsu VME-based IT estate, was merged with Inland Revenue’s in 2005, the cost of the total outsourcing deal with HP rose to about £3bn.

In 2004 most of the IT staff and HMRC’s assets transferred to Capgemini under a contract known as Aspire – Acquiring Strategic Partners for Inland Revenue. Aspire’s main subcontractors were Accenture and Fujitsu.

In subsequent years the cost of the 10-year Aspire contract shot up from about £3bn to about £8bn, yielding combined profits to Capgemini and Fujitsu of £1.2bn – more than double the £500m originally modelled. The profit margin was 15.8% compared to 12.3% originally modelled.

The National Audit Office said in a report on Aspire in 2014 that HMRC had not handled costs well. The NAO now estimates the cost of the extended (13-year) Aspire contract from 2004 to 2017 to be about £10bn.

Between April 2006 and March 2014, Aspire accounted for about 84% of HMRC’s total spending on technology.

Servers that typically cost £30,000 a year to run under Aspire – and there are about 4,000 servers at HMRC today – cost £6,000 when run internally, or as low as £4,000 a year in the commodity market.

How could the Aspire spend continue – and without a modernisation of the IT estate?

A good service

HMRC has been generally pleased with the quality of service from Aspire’s suppliers.  Major systems have run with reducing amounts of downtime, and Capgemini has helped to build many new systems.

Where things have gone wrong, HMRC appears to have been as much to blame as the suppliers, partly because development work was hit routinely by a plethora of changes to the agreed specifications.

Arguably the two biggest problems with Aspire have been cost and lack of control.  In the 10 years between 2004 and 2014 HMRC paid an average of £813m a year to Aspire’s suppliers.  And it paid above market rates, according to the National Audit Office.

By the time the Cabinet Office’s Efficiency and Reform Group announced in 2014 that it was seeking to outlaw “bloated and wasteful” contracts, especially ones over £100m, HMRC had already taken steps to end Aspire.

It decided to break up its IT systems into chunks it could manage, control and, to some extent, commoditise.

HMRC’s senior managers expected an end to Aspire by 2017. But unexpected events at the Department for Work and Pensions put paid to HMRC’s plan …

Eight lessons from Aspire

1. Your IT may not be transformed by outsourcing.  That may be the intention at the outset. But it didn’t happen when Somerset County Council outsourced IT to IBM in 2007 and it hasn’t happened in the 12 years of the Aspire contract.

 “The Aspire contract has provided stable but expensive IT systems. The contract has contributed to HMRC’s technology becoming out of date,” said the National Audit Office in its June 2016 memorandum.

And Mark Dearnley, HMRC’s Chief Digital Information Officer and main board member, told the Public Accounts Committee last week,

“Some of the technology we use is definitely past its best-before date.”

2. You won’t realise how little you understand your outsourced IT until you look at ending a long-term deal.

Confidently and openly answering a series of trenchant questions from MP Richard Bacon at last week’s Public Accounts Committee hearing, Dearnley said,

“It’s inevitable in any large black box outsourcing deal that there are details when you get right into it that you don’t know what’s going on. So yes, that’s what we’re learning.”

3. Suppliers may seem almost philanthropic in the run-up to a large outsourcing deal because they accept losses in the early part of a contract and make up for them in later years.

Dearnley said,

“What we are finding is that it [the break-up of Aspire] is forcing us to have much cleaner commercial conversations, not getting into some of the traditional arrangements.

“If I go away from Aspire and talk about the typical outsourcing industry of the last ten years most contracts lost money in their first few years for the supplier, and the supplier relied on making money in the later years of the contract.

“What that tended to mean was that as time moved on and you wanted to change the contract the supplier was not particularly incented to want to change it because they wanted to make their money at the end.

“What we’re focusing on is making sure the deals are clean, simple, really easy to understand, and don’t mortgage the future and that we can change as the environment evolves and the world changes.”

4. If you want deeper-than-expected costs in the later years of the contract, expect suppliers to make up the money in contract extensions.

Aspire was due originally to end in 2004. Then it went to 2017 after suppliers negotiated a three-year extension in 2007. Now completion of the exit is not planned until 2020, though some services have already been insourced and more will be over the next four years.

The National Audit Office’s June 2016 memorandum reveals how the contract extension from 2017 to 2020 came about.

HMRC had a non-binding agreement with Capgemini to exit from all Aspire services by June 2017. But HMRC had little choice but to soften this approach when Capgemini’s negotiating position was unexpectedly strengthened by IT deals being struck by other departments, particularly the Department for Work and Pensions.

Cabinet Office “red lines” said that government would not extend existing contracts without a compelling case. But the DWP found that instead of being able to exit a large hosting contract with HP in February 2015 it would have to consider a variation to the contract to enable a controlled disaggregation of services from February 2015 to February 2018.

When the DWP announced it was planning to extend its IT contract with its prime supplier HP Enterprise, HMRC was already in the process of agreeing with Capgemini the contract changes necessary to formalise their agreement to exit the Aspire deal in 2017.

“Capgemini considered that this extension, combined with other public bodies planning to extend their IT contracts, meant that the government had changed its position on extensions…

“Capgemini therefore pushed for contract extensions for some Aspire services as a condition of agreeing to other services being transferred to HMRC before the end of the Aspire contract,” said the NAO’s June 2016 memo.

5. It’s naïve to expect a large IT contract to transfer risks to the supplier(s).

At last week’s Public Accounts Committee hearing, Richard Bacon wanted to know if HMRC was taking on more risk by replacing the Aspire contract with a mixture of insourced IT and smaller commoditised contracts of no more than three years. Asked by Bacon whether HMRC is taking on more risk Dearnley replied,

“Yes and no – the risk was always ours. We had some of it backed off in contract. You can debate just how valuable contract backing off is relative to £500bn (the annual amount of tax collected). We will never back all of that off. We are much closer and much more on top of the service, the delivery, the projects and the ownership (in the gradual replacement of Aspire).”

6. Few organisations seeking to end monolithic outsourcing deals will have the transition overseen by someone as clear-sighted as Mark Dearnley.

His plain speaking appeared to impress even the chairman of the Public Accounts Committee Meg Hillier who asked him at the end of last week’s hearing,

“And what are your plans? One of the problems we often see in this Committee is people in very senior positions such as yours moving on very quickly. You have had a stellar career in the private sector…

“We hope that those negotiations move apace, because I suspect – and it is perhaps unfair to ask Mr Dearnley to comment – that to lose someone senior at this point would not be good news, given the challenges outlined in the [NAO] Report,” asked Hillier.

Dearnley then gave a slightly embarrassed look to Jon Thompson, HMRC’s chief executive and first permanent secretary. Dearnley replied,

“Jon and I are looking at each other because you are right. Technically my contract finishes at the end of September because I was here for three years. As Jon has just arrived, it is a conversation we have just begun.”

Hillier said,

“I would hope that you are going to have that conversation.”

Richard Bacon added,

“Get your skates on, Mr Thompson; we want to keep him.”

Thompson said,

“We all share the same aspiration. We are in negotiations.”

7. Be prepared to set aside millions of pounds – in addition to the normal costs of the outsourcing – on exiting.

HMRC is setting aside a gigantic sum – £700m. Around a quarter of this, said the National Audit Office, is accounted for by optimism bias. The estimates also include costs that HMRC will only incur if certain risks materialise.

In particular, HMRC has allowed around £100m for the costs of transferring data from servers currently managed by Aspire suppliers to providers that will make use of cloud computing technology. This cost will only be incurred if a second HMRC programme – which focuses on how HMRC exploits cloud technology – is unsuccessful.

Other costs of the so-called Columbus programme to replace Aspire include the cost of buying back assets, plus staff, consultancy and legal costs.

8. Projected savings from quitting a large contract could dwarf the exit costs.

HMRC has estimated the possible minimum and possible maximum savings from replacing Aspire. Even the minimum estimated savings would more than justify the organisational time involved and the challenge of building up new corporate cultures and skills in-house while keeping new and existing services running smoothly.

By replacing Aspire and improving the way IT services are organised and delivered, HMRC expects to save – each year – about £200m net, after taking into account the possible exit costs of £700m.

The National Audit Office said most of the savings are calculated on the basis of removing supplier profit margins and overheads on services being brought in-house, and reducing margins on other services from contract changes.

Even if the savings don’t materialise as expected and costs equal savings the benefits of exiting are clear. The alternative is allowing costs to continue to soar while you allow the future of your IT to be determined by what your major suppliers can or will do within reasonable cost limits.

Comment

HMRC is leading the way for other government departments, councils, the police and other public bodies.

Dearnley’s approach of breaking IT into smaller manageable chunks that can be managed, controlled, optimised and to some extent commoditised is impressive. On the cloud alone he is setting up an internal team of 50.

In the past, IT empires were built and retained by senior officials arguing that their systems were unique – too bespoke and complex to be broken up and treated as a commodity to be put into the cloud.

Dearnley’s evidence to the Public Accounts Committee exposes pompous justifications for the status quo as Sir Humphrey-speak.

Both Richard Feynman and Einstein said something to the effect that the more you understand a subject, the simpler you can explain it.

What Dearnley doesn’t yet understand about the HMRC systems that are still run by Capgemini he will doubtless find out about – provided his contract is renewed before September this year.

No doubt HMRC will continue to have its Parliamentary and other critics who will say that the risks of breaking up HMRC’s proven IT systems are a step too far. But the risks to the public purse of keeping the IT largely as it is are, arguably, much greater.

The Department for Work and Pensions has proved that it’s possible to innovate with the so-called digital solution for Universal Credit, without risking payments to vulnerable people.

If the agile approach to Universal Credit fails, existing benefit systems will continue, or a much more expensive waterfall development by the DWP’s major suppliers will probably be used instead.

It is possible to innovate cheaply without endangering existing tax collection and benefit systems.

Imagine the billions that could be saved if every central government department had a Dearnley on the board. HMRC has had decades of largely negative National Audit Office reports on its IT. Is that about to change?

Update:

This morning (22 June 2016) on LinkedIn, management troubleshooter and board adviser Colin Beveridge wrote,

“Good analysis of Aspire and outsourcing challenges. I have seen too many business cases in my career, be they a case for outsourcing, provider transition or insourcing.

“The common factor in all the proposals has been the absence of strategy end of life costs. In other words, the eventual transition costs that will be incurred when the sourcing strategy itself goes end of life. Such costs are never reflected in the original business case, even though their inevitability will have an important impact on the overall integrity of the sourcing strategy business case.

“My rule of thumb is to look for the end of strategy provision in the business case, prior to transition approval. If there is no provision for the eventual sourcing strategy change, then expect to pay dearly in the end.”

June 2016 memorandum on Aspire – National Audit Office

Dearnley’s evidence to the Public Accounts Committee

Hidden for four years – a review of Universal Credit IT

By Tony Collins

Front page of a report the DWP kept hidden for four years. The DWP's lawyers went through numerous FOI appeals to try and stop the report being published.


This is the independent Universal Credit Project Assessment Review that lawyers for the Department for Work and Pensions went through numerous FOI tribunal appeals trying to keep hidden.

It was written for the DWP by the Cabinet Office’s Major Projects Authority. Interviewees included Iain Duncan Smith and Lord Freud who was – and is – a work and pensions minister.

In 2012 Lord Freud signed off the DWP’s recommendation that an FOI request for the report’s release be refused.

Remarkable

The now-released report is remarkable for its professionalism and neutrality. It’s also remarkably ordinary given the number of words that have been crafted by the DWP’s lawyers to FOI tribunals and appeals in an effort to keep the report from being published.

The DWP’s main reason for concealing the report – and others that IT projects professional John Slater had requested under FOI in 2012 – was that publication could discourage civil servants from speaking candidly about project problems and risks, fearing negative publicity for the programme.

In the end the DWP released the report 11 days ago. This was probably because the new work and pensions secretary Stephen Crabb refused to agree the costs of a further appeal. Last month an FOI tribunal ordered that the project assessment review, risk register and issues register be published.

Had the reports been published at the time of the FOI request in 2012 it might have restricted what ministers and the DWP’s press office were able to say publicly about the success so far of the Universal Credit programme.

In the absence of their publication, the DWP issued repeated statements that dismissed criticisms of its programme management. Ministers and DWP officials were able to say to journalists and MPs that the Universal Credit programme was progressing to time and to budget.

In fact the project assessment review questioned a projected increase of £25m of IT spend in the budget.

MPRG is the Major Projects Review Group, part of the Cabinet Office. OBC is the Outline Business Case for Universal Credit. SOBC is the Strategic Outline Business Case.


The DWP claimed in the report that the projected increase of £25m in IT spend was a “profiling” rather than budgetary issue.

By this the DWP meant that it planned to boost significantly the projected savings in later years of the project. Those anticipated savings would have offset the extra IT spend in the early years. Hence the projected overspend was a “profiling” issue.

But the report questioned the credibility of the profiling exercise.

[Image: extract from the report on the credibility of the profiling exercise]

On the question of whether the whole programme could be afforded, the report had mixed views.

[Image: extract from the report on affordability]

The report was largely positive about the DWP’s work on Universal Credit. It also revealed that in some ways not all was progressing as well as had been hoped (which was contrary to DWP statements at the time). The report said,

[Image: extract from the report, “behind the curve”]

And a further mention of “behind the curve”…

[Image: further extract from the report mentioning “behind the curve”]

None of these problems was even hinted at in official DWP statements in 2012. About six months after the project assessment review was conducted, this was a statement by a DWP minister (who uses words that were probably drafted by civil servants).

“The development of Universal Credit is progressing extremely well. By next April we will be ready to test the end to end service and use the feedback we get from claimants to make final improvements before the national launch.

“This will ensure that we have a robust and reliable new service for people to make a claim when Universal Credit goes live nationally in October 2013.”

And the following is a statement by the then DWP secretary of state Iain Duncan Smith in November 2011, which was around the time the project assessment review was carried out. Doubtless his comments were based on briefings he received from officials.

“The [Universal Credit] programme is on track and on time for implementing from 2013.

“We are already testing out the process on single and couple claimants, with stage one and two now complete. Stage 3 is starting ahead of time – to see how it works for families.

“And today we have set out our migration plans which will see nearly twelve million working age benefit claimants migrate onto the new benefits system by 2017.”

Ironic

It’s ironic that the DWP spent four years concealing a report that could have drawn attention to the need for better communications.

[Image: extract from the report on communications]

The report highlighted the need for three types of communication: internal, external and with stakeholders.

[Image: second communications extract from the report]

On communications with local authorities…

[Image: third communications extract from the report]

Comment

The DWP has denigrated the released documents. A spokesperson described them as “nearly four years old and out of date”.

It’s true the reports are nearly four years old. They are not out of date.

They could hardly be more important if they highlight a fundamental democratic flaw, a flaw that allows Whitehall officials and ministers to make positive public statements about a huge government project while hiding reports that could contradict those statements or could put their comments into an enlightening context.

Stephen Crabb, IDS’s replacement at the DWP, is said by the Sunday Times to want officials to come clean to him and the public about problems on the Universal Credit programme.

To do that his officials will have to set themselves against a culture of secrecy that dates back decades. Though not as far as the early 1940s.

Official proceedings of parliament show how remarkably open were statements made to the House during WW2. It’s odd that Churchill, when the country’s future was in doubt, was far more open with Parliament about problems with the war effort than the DWP has ever been with MPs over the problems on Universal Credit.

I have said it before but it’s time for Whitehall departments, particularly the DWP, to publish routinely and contemporaneously their project assessment reviews, issues registers and risk registers.

Perhaps then the public, media and MPs will be better able to trust official statements on the current state of multi-billion pound IT-based programmes; and a glaring democratic deficit would be eliminated.

Openness may even help to improve the government’s record on managing IT.

Universal Credit Project Assessment Review

Is DWP’s Universal Credit FOI case a scandalous waste of money?