Tag Archives: outsourcing

Aspire: eight lessons from the UK’s biggest IT contract

By Tony Collins

HM Revenue and CustomsHow do you quit a £10bn IT contract in which suppliers have become limbs of your organisation?

Thanks to reports by the National Audit Office, the questioning of HMRC civil servants by the Public Accounts Committee, answers to FOI requests, and job adverts for senior HMRC posts, it’s possible to gain a rare insight into some of the sensitive commercial matters that are usually hidden when the end of a huge IT contract draws closer.

Partly because of the footnotes, the latest National Audit Office memorandum on Aspire (June 2016) has insights that make it one of the most incisive reports it has produced on the department’s IT in more than 30 years.

Soaring costs?

Aspire is the government’s biggest IT-related contract. Inland Revenue, as it was then, signed a 10-year outsourcing deal with HP (then EDS) in 1994, and transferred about 2,000 civil servants to the company. The deal was expected to cost £2bn over 10 years.

After Customs and Excise, with its Fujitsu VME-based IT estate, was merged with Inland Revenue’s in 2005, the cost of the total outsourcing deal with HP rose to about £3bn.

In 2004 most of the IT staff and HMRC’s assets transferred to Capgemini under a contract known as Aspire – Acquiring Strategic Partners for Inland Revenue. Aspire’s main subcontractors were Accenture and Fujitsu.

In subsequent years the cost of the 10-year Aspire contract shot up from about £3bn to about £8bn, yielding combined profits to Capgemini and Fujitsu of £1.2bn – more than double the £500m originally modelled. The profit margin was 15.8% compared to 12.3% originally modelled.

The National Audit Office said in a report on Aspire in 2014 that HMRC had not handled costs well. The NAO now estimates the cost of the extended (13-year) Aspire contract from 2004 to 2017 to be about £10bn.

Between April 2006 and March 2014, Aspire accounted for about 84% of HMRC’s total spending on technology.

Servers that typically cost £30,000 a year to run under Aspire – and there are about 4,000 servers at HMRC today – cost between £6,000 when run internally or as low as £4,000 a year in the commodity market.

How could the Aspire spend continue – and without a modernisation of the IT estate?

A good service

HMRC has been generally pleased with the quality of service from Aspire’s suppliers.  Major systems have run with reducing amounts of downtime, and Capgemini has helped to build many new systems.

Where things have gone wrong, HMRC appears to have been as much to blame as the suppliers, partly because development work was hit routinely by a plethora of changes to the agreed specifications.

Arguably the two biggest problems with Aspire have been cost and lack of control.  In the 10 years between 2004 and 2014 HMRC paid an average of £813m a year to Aspire’s suppliers.  And it paid above market rates, according to the National Audit Office.

By the time the Cabinet Office’s Efficiency and Reform Group announced in 2014 that it was seeking to outlaw “bloated and wasteful” contracts, especially ones over £100m, HMRC had already taken steps to end Aspire.

It decided to break up its IT systems into chunks it could manage, control and, to some extent, commoditise.

HMRC’s senior managers expected an end to Aspire by 2017. But unexpected events at the Department for Work and Pensions put paid to HMRC’s plan …

Eight lessons from Aspire

1. Your IT may not be transformed by outsourcing.  That may be the intention at the outset. But it didn’t happen when Somerset County Council outsourced IT to IBM in 2007 and it hasn’t happened in the 12 years of the Aspire contract.

 “The Aspire contract has provided stable but expensive IT systems. The contract has contributed to HMRC’s technology becoming out of date,” said the National Audit Office in its June 2016 memorandum.

Mark DearnleyAnd Mark Dearnley, HMRC’s Chief Digital Information Officer and main board member, told the Public Accounts Committee last week,

“Some of the technology we use is definitely past its best-before date.”

2. You won’t realise how little you understand your outsourced IT until you look at ending a long-term deal.

Confidently and openly answering a series of trenchant questions from MP Richard Bacon at last week’s Public Accounts Committee hearing, Dearnley said,

“It’s inevitable in any large black box outsourcing deal that there are details when you get right into it that you don’t know what’s going on. So yes, that’s what we’re learning.”

3. Suppliers may seem almost philanthropic in the run-up to a large outsourcing deal because they accept losses in the early part of a contract and make up for them in later years.

Dearnley said,

“What we are finding is that it [the break-up of Aspire] is forcing us to have much cleaner commercial conversations, not getting into some of the traditional arrangements.

” If I go away from Aspire and talk about the typical outsourcing industry of the last ten years most contracts lost money in their first few years for the supplier, and the supplier relied on making money in the later years of the contract.

“What that tended to mean was that as time moved on and you wanted to change the contract the supplier was not particularly incented to want to change it because they wanted to make their money at the end.

“What we’re focusing on is making sure the deals are clean, simple, really easy to understand, and don’t mortgage the future and that we can change as the environment evolves and the world changes.”

4. If you want deeper-than-expected costs in the later years of the contract, expect suppliers to make up the money in contract extensions.

Aspire was due originally to end in 2004. Then it went to 2017 after suppliers negotiated a three-year extension in 2007. Now completion of the exit is not planned until 2020, though some services have already been insourced and more will be over the next four years.

The National Audit Office’s June 2016 memorandum reveals how the contract extension from 2017 to 2020 came about.

HMRC had a non-binding agreement with Capgemini to exit from all Aspire services by June 2017. But HMRC had little choice but to soften this approach when Capgemini’s negotiating position was unexpectedly strengthened by IT deals being struck by other departments, particularly the Department for Work and Pensions.

Cabinet Office “red lines” said that government would not extend existing contracts without a compelling case. But the DWP found that instead of being able to exit a large hosting contract with HP in February 2015 it would have to consider a variation to the contract to enable a controlled disaggregation of services from February 2015 to February 2018.

When the DWP announced it was planning to extend its IT contract with its prime supplier HP Enterprise, HMRC was already in the process of agreeing with Capgemini the contract changes necessary to formalise their agreement to exit the Aspire deal in 2017.

“Capgemini considered that this extension, combined with other public bodies planning to extend their IT contracts, meant that the government had changed its position on extensions…

“Capgemini therefore pushed for contract extensions for some Aspire services as a condition of agreeing to other services being transferred to HMRC before the end of the Aspire contract,” said the NAO’s June 2016 memo.

5. It’s naïve to expect a large IT contract to transfer risks to the supplier (s).

At last week’s Public Accounts Committee hearing, Richard Bacon wanted to know if HMRC was taking on more risk by replacing the Aspire contract with a mixture of insourced IT and smaller commoditised contracts of no more than three years. Asked by Bacon whether HMRC is taking on more risk Dearnley replied,

“Yes and no – the risk was always ours. We had some of it backed of it backed off in contract. You can debate just how valuable contract backing off is relative to £500bn (the annual amount of tax collected).  We will never back all of that off. We are much closer and much more on top of the service, the delivery, the projects and the ownership (in the gradual replacement of Aspire).”

6. Few organisations seeking to end monolithic outsourcing deals will have the transition overseen by someone as clear-sighted as Mark Dearnley.

His plain speaking appeared to impress even the chairman of the Public Accounts Committee Meg Hillier who asked him at the end of last week’s hearing,

Meg Hillier

Meg Hillier

“And what are your plans? One of the problems we often see in this Committee is people in very senior positions such as yours moving on very quickly. You have had a stellar career in the private sector…

“We hope that those negotiations move apace, because I suspect – and it is perhaps unfair to ask Mr Dearnley to comment – that to lose someone senior at this point would not be good news, given the challenges outlined in the [NAO] Report,” asked Hillier.

Dearnley then gave a slightly embarrassed look to Jon Thomson, HMRC’s chief executive and first permanent secretary. Dearnley replied,

“Jon and I are looking at each other because you are right. Technically my contract finishes at the end of September because I was here for three years. As Jon has just arrived, it is a conversation we have just begun.”

Hiller said,

“I would hope that you are going to have that conversation.”

Richard Bacon added,

“Get your skates on, Mr Thompson; we want to keep him.”

Thompson said,

“We all share the same aspiration. We are in negotiations.”

7. Be prepared to set aside millions of pounds – in addition to the normal costs of the outsourcing – on exiting.

HMRC is setting aside a gigantic sum – £700m. Around a quarter of this, said the National Audit Office, is accounted for by optimism bias. The estimates also include costs that HMRC will only incur if certain risks materialise.

In particular, HMRC has allowed around £100m for the costs of transferring data from servers currently managed by Aspire suppliers to providers that will make use of cloud computing technology. This cost will only be incurred if a second HMRC programme – which focuses on how HMRC exploits cloud technology – is unsuccessful.

Other costs of the so-called Columbus programme to replace Aspire include the cost of buying back assets, plus staff, consultancy and legal costs.

8. Projected savings from quitting a large contract could dwarf the exit costs.

HMRC has estimated the possible minimum and possible maximum savings from replacing Aspire. Even the minimum estimated savings would more than justify the organisational time involved and the challenge of building up new corporate cultures and skills in-house while keeping new and existing services running smoothly.

By replacing Aspire and improving the way IT services are organised and delivered, HMRC expects to save – each year – about £200m net, after taking into account the possible exit costs of £700m.

The National Audit Office said most of the savings are calculated on the basis of removing supplier profit margins and overheads on services being brought in-house, and reducing margins on other services from contract changes.

Even if the savings don’t materialise as expected and costs equal savings the benefits of exiting are clear. The alternative is allowing costs to continue to soar while you allow the future of your IT to be determined by what your major suppliers can or will do within reasonable cost limits.

Comment

HMRC is leading the way for other government departments, councils, the police and other public bodies.

Dearnley’s approach of breaking IT into smaller manageable chunks that can be managed, controlled, optimised and to some extent commoditised is impressive.  On the cloud alone he is setting up an internal team of 50.

In the past, IT empires were built and retained by senior officials arguing that their systems were unique – too bespoke and complex to be broken up and treated as a commodity to be put into the cloud.

Dearnley’s evidence to the Public Accounts Committee exposes pompous justifications for the status quo as Sir Humphrey-speak.

Both Richard Feynman and Einstein said something to the effect that the more you understand a subject, the simpler you can explain it.

What Dearnley doesn’t yet understand about the HMRC systems that are still run by Capgemini he will doubtless find out about – provided his contract is renewed before September this year.

No doubt HMRC will continue to have its Parliamentary and other critics who will say that the risks of breaking up HMRC’s proven IT systems are a step too far. But the risks to the public purse of keeping the IT largely as it is are, arguably, much greater.

The Department for Work and Pensions has proved that it’s possible to innovate with the so-called digital solution for Universal Credit, without risking payments to vulnerable people.

If the agile approach to Universal Credit fails, existing benefit systems will continue, or a much more expensive waterfall development by the DWP’s major suppliers will probably be used instead.

It is possible to innovate cheaply without endangering existing tax collection and benefit systems.

Imagine the billions that could be saved if every central government department had a Dearnley on the board. HMRC has had decades of largely negative National Audit Office reports on its IT.  Is that about to change?

Update:

This morning (22 June 2016) on LinkedIn, management troubleshooter and board adviser Colin Beveridge wrote,

“Good analysis of Aspire and outsourcing challenges. I have seen too many business cases in my career, be they a case for outsourcing, provider transition or insourcing.

“The common factor in all the proposals has been the absence of strategy end of life costs. In other words, the eventual transition costs that will be incurred when the sourcing strategy itself goes end of life. Such costs are never reflected in the original business case, even though their inevitability will have an important impact on the overall integrity of the sourcing strategy business case.

“My rule of thumb is to look for the end of strategy provision in the business case, prior to transition approval. If there is no provision for the eventual sourcing strategy change, then expect to pay dearly in the end.”

June 2016 memorandum on Aspire – National Audit Office

Dearney’s evidence to the Public Accounts Committee

Can all councils open up like this please – even Barnet?

By Tony Collins

somerset county councilBitten by misfortune over its outsourcing/joint venture deal with IBM, Somerset County  Council has become more open – which seemed unlikely nearly a decade ago.

In 2007 the council and IBM formed Southwest One, a joint services company owned by IBM. The deal was characterised by official secrecy. Even non-confidential financial information on the deal was off-limits.

That’s no longer the case. Humbled a little by a failure of the outsourcing deal (including a legal action launched by IBM that cost the council’s taxpayers at least £5.9m)  local officials and their lawyers don’t automatically reach for the screens when things go wrong.

In 2014 Somerset County Council published a useful report on the lessons learnt from its Southwest One contract.

The latest disclosure is a report to the council’s audit committee meeting in June. The report focuses on the poor management and lack of oversight by some of Somerset’s officers of a range of contractor contracts. The council has 800 contracts, 87 of which are worth over £1m and some worth a lot more.

Given that the Council is committed to becoming an increasingly commissioning authority, it is likely that the total value of contracts will increase in the medium term, says the audit report by the excellent South West Audit Partnership (SWAP).

SWAP put the risk of contracts not being delivered within budget as “high”, but council officers had put this risk initially at only “medium”. SWAP found that the risk of services falling below expected standards or not delivering was “high” but, at the start of the audit assessment, council officers had put the risk at only “medium”.

somerset county council2One contract costing more than £10m a year had no performance indicators that were being actively monitored, said SWAP.

None of the contracts reviewed had an up-to-date risk register to inform performance monitoring.

No corporate contract performance framework was in place for managing contracts above defined thresholds.

“Some key risks are not well managed,” says the report.

“It is acknowledged that the Council has implemented new contract procedural rules from May 2015 which post-dates the contracts reviewed in this audit; however these procedural rules contain only ‘headline’ statements relating to contract management.

“Most notable in the audit work undertaken was the lack of consistency in terms of the approach to contract management across the contracts reviewed. Whilst good practice was found to be in place in several areas, the level of and approach to management of contracts varied greatly.

“No rationale based on proportionality, value, or risk for this variation was found to be in place. The largest contract reviewed had an annual value of over £10 million but no performance indicators were currently being actively monitored.”

Report withdrawn

Soon after the report was published the council withdrew it from its website. It says the Audit Committee meeting for 3 May has been postponed until June. It’s expected that the audit report will be published (again) shortly before that meeting.

Fortunately campaigner Dave Orr downloaded the audit report before it was taken down.

Comment

How many councils manage outsourcing and other contracts as unpredictably as Somerset but keep quiet about it?

Barnet Council's Hendon Town Hall

Barnet Council’s Hendon Town Hall

Why, for example, have Barnet’s officers and ruling councillors not made public any full audit reports on the council’s performance in managing its contracts with Capita?

It could be that councils up and down the country are not properly managing their contracts – or are leaving it to the outsourcing companies to reveal when things go wrong.

Would that regular SWAP reports were published for every council.

All public authorities have internal auditors who may well do a good job but their findings, particularly if they are critical of the management of suppliers, are usually kept confidential.

Freedom of information legislation has made councils more open generally, as has guidance the Department for Communities and Local Government issued in 2014.

But none of this has made councils such as Barnet more open about any problems on its outsourcing deals.

Indeed clear and perceptive audit reports such as the one from SWAP are rare in the world of local government.

All of which raises the question of whether one reason some councils love outsourcing is that they can pass responsibility to suppliers for things that go wrong knowing the public may never find out the full truth because secrecy is still endemic in local government.

Thank you to Dave Orr for drawing my attention to the audit report – and its (temporary) withdrawal.

Somerset Council’s (withdrawn) Audit Committee report

Southwest One – the complete story by Dave Orr

Cornwall a model of openness as outsourcing deal with BT turns sour?

By Tony Collins

Photo Estelle Allen

Photo Estelle Allen

Will Barnet Council ever be as open as Cornwall Council has been over the performance of its IT outsourcing supplier?

Two years ago Cornwall signed a 10-year £260m strategic “partnership” with BT. The word “partnership” seems odd now that BT has taken out an injunction against Cornwall to stop the council ending the relationship 8 years early.

The two sides will go to court in December to determine if the council has a right to terminate the contract now.

If it loses  the case, Cornwall will have to retain as its main IT services supplier a company that has been its High Court adversary. The judge may also order the council to pay BT’s legal costs.

The odds may be against Cornwall’s winning because BT has much experience in outsourcing legalities. It’s possible that its managers have been collecting evidence of  any council shortcomings from day 1 of the contract,  in case the relationship turned sour.

But independent Cornwall councillor Andrew Wallis says on his blog that BT is dragging the council to court because of BT’s own failings. The council says BT has not achieved its key performance indicators or met to its guarantees on creating new jobs.

Cornwall council logoCornwall threatened to terminate for breach of contract but did not do so while it was in talks with BT’s senior corporate executives. When an amicable termination could not be agreed BT instructed its lawyers to seek an injunction preventing the council from terminating, which they did at a hearing on 12 August.  The result was that the High Court agreed to an expedited trial that will start on 1 December 2015.

It’s all a far cry from the time two years ago, before the contract was signed, when BT and council officers were promising much, and saying little about what could go awry.

BT Cornwall slideIn its literature, amid beautifully-executed artwork and graphics, BT highlighted its success at South Tyneside Council, its sponsorship of events such as Comic Relief, Children in Need and Childline and its presence as one of the largest employers in the South West.

Similarly, Cornwall officers, in 2013,  wrote reassuringly about any forthcoming deal with BT. They said:

“It should also be borne in mind that strategic partnerships are nothing new. BT – and other councils – have been involved in them for more than 10 years.

“Similarly the outsourcing market is mature and well understood. The UK local government IT and Business Process Outsourcing market is the biggest outsourcing market in the world and there are over 100 deals in operation.

“Risks are sometimes managed well and sometimes managed badly. The risks have been mitigated by using expert advisors and the Council has senior officers who understand this territory well.”

A BT spokesman told Government Computing this week:

“BT has commenced legal action to ensure fair and proper handling of the issues which have arisen about BT Cornwall, and while this is taking place, it would be inappropriate for us to comment.”

Comment

How is Capita’s performance on its contract at Barnet? We don’t know. The success or otherwise of the deal is blanketed in secrecy. In May Barnet blogger Mr Reasonable offered to make a charity donation of £250 if the council showed it was making the promised savings. The money went unclaimed.

There is no evidence of any failure of Barnet’s outsourcing deal. But would the public or media ever know if the supplier’s performance was falling short of the council’s expectations?

Cornwall has many independent councillors (36 compared with the 37 ruling Liberal Democrats). Debates tend to be on the merits of the matter not on the basis of party politics.

Barnet’s policy is tied in with a political ideology: ruling councillors want to turn Barnet into a “commissioning council” which involves outsourcing as much as possible.

In  practice the bedrock of this ideology is the relationship with Capita. If it went wrong would Barnet have too much to lose to go into dispute? For the sake of its ideology would Barnet accept any quality of service Capita delivers?

Cornwall

Photo Estelle Allen

Photo Estelle Allen

In threatening BT with termination because of breaches of contract, Cornwall Council could be criticised for not letting a 10-year outsourcing bed down. It’s unusual for a strategic partnership to end up in court less than 3 years into a 10-year contract.

On the other hand BT promised to create jobs in year 1 and 2 of the contract that the council say have not materialised. Councillors and officers are unhappy about many other aspects of the deal.  BT took on about 280 full-time equivalent council employees, about 130 of whom worked in Information Services.

What’s striking about the history of outsourcing discussions at Cornwall, and the run-up to the signing of a contract, is its openness. It would be easy for BT’s defenders to say that Cornwall’s open, feisty and unforgiving attitude are factors in the strained relationships so far.

On the other hand the problems Cornwall has experienced in the first 2 years of the relationship may be normal in outsourcing deals at other councils. It’s  just that ruling councillors and officers don’t talk about them in public.

All the more credit to Cornwall for its openness.

Barnet’s outsourcing deal may be more successful than Cornwall’s – but how does anyone outside a small group at Barnet really know? Local government and democratic accountability are often uncomfortable bedfellows.

Thank you to Dave Orr who drew my attention to the latest developments at Cornwall Council. 

Cornwall Council rushes to sign BT deal before elections

Cornwall Council tries to pull the plug on BT Cornwall

BT Cornwall is not working for Cornwall as it should

Overview of BT Cornwall’s performance against commitments and guarantees – as perceived by Cornwall’s officers

KPI measures Achieved (185/289) – 64%

PI measures Achieved (266/402) – 66%

Service Transformation (percentage of plans completed) – 38%

Financial contractual baseline savings (10% & 11.6%) – 100%

Trading gain share received (est £17.4m over 10 years) – £0

Guaranteed new jobs in Cornwall (yrs 1 & 2 111 new jobs target / 35.1 created) – 32%

Committed new jobs in Cornwall (yrs 1 & 2) – 0


Some of BT’s pre-outsourcing deal literature for Cornwall’s councillors

  • BT is a FTSE 100 company
  • We are one of the largest employers in the UK and the SW
  • We currently employ > 5,900 people in the South West including 1,028 Cornwall residents
  • BT already makes a financial impact of over £749m a year in the region
  • BT spent >£145m with local suppliers in 2011/12 and will increase this substantially through the Partnership
  • We generate 142,000 fraud referrals each week for the DWP across 50 data sources from 260,000,000 records
  • We undertake c.1,000,000 criminal record checks per annum at Disclosure Scotland to safeguard vulnerable groups.
  • We provide the highly secure directory services for the 260,000 military and civilian defence staff
  • We collect circa £580,000,000 in tax revenues each year on behalf of our local authority partnerships
  • The NHS Spine platform exchanges £3.5m prescription messages per week
  • We are delivering in excess of £500,000,000 savings in partnership with six UK Councils through efficiency and transformation programmes
  • We run one of the worlds largest data warehouses to enable the timely anonymous collection of patient data and information for clinical and billing purposes other than direct patient care .
  • Yes, we do poles and wires…but did you also know in the public sector we process over 532,000 benefits assessments for new applications and change of circumstances each year in our Local Government Partnerships?

Are councillors in Somerset ignoring the wisdom of their auditors?

By Tony Collins

It’s good to see auditors in local government doing their job well  – not accepting verbal assurances and seeking proof that all is well with an outsourced system .

But what if councillors apply a lower standard – and accept verbal assurances without checking them?

A  strong report by the South West Audit Partnership [SWAP] went to councillors at Somerset County Council’s Audit Committee on 2 July 2015. The report was about problems with an outsourced system, the Adults Integrated Solution [AIS].

Although not the original supplier, IBM has provided AIS to Somerset County Council under a 10-year outsourcing contract/joint venture – Southwest One –  that was signed in 2007.

The SWAP report said limited progress has been made in implementing the AIS-related recommendations from its 2012-2013 audit report. It added that:

– AIS performance and response times could be “less than adequate for users’ needs”.

– Southwest One was unwilling to develop a service level agreement specifically for the AIS application.

– “Poor response time has led to the disabling of enhanced audit trails/logs that would make it possible to trace and attribute user activity in the system.” SWAP added that this was “worrying” given that the data involved was “sensitive and personal”.

– SWAP had been refused access to the contract between IBM and Northgate, the original supplier of AIS.

Are verbal assurances worth anything?

Having studied AIS from time to time over 2 years, and spoken to its users, SWAP’s auditors have been reluctant, on some of their concerns, to accept verbal assurances that all is well.

When they have sought documentary evidence to support assurances it hasn’t always been forthcoming.

SWAP said in its latest report:

“Verbal assurances were provided that the ToR for AIS Programme Board had been reviewed and that roles and responsibilities in relation to system ownership had been clarified. However, no evidence was provided to support these assurances.”

Now Somerset’s audit committee has done what its auditors wouldn’t do and has accepted verbal assurances that all is well with AIS.

SWAP’s auditors had expressed a multitude of concerns about AIS. But Somerset’s officers verbally assured audit committee councillors that a single upgrade had solved all the problems.

One officer, in a statement, told Dave Orr, a Somerset resident who campaigns for openness over IBM’s relationship with the council:

“I can confirm that all of the fundamental issues raised through the [SWAP] Audit Report [on AIS] have now been addressed…

“The AIS application is one of the top systems used by local authorities for social care services in the UK. The performance issues referred to in the Audit Report were resolved by a system upgrade.”

Comment:

It’s difficult if not impossible to see how a single upgrade could address all the points SWAP made – such as the lack of a service level agreement to cover AIS or the refusal by IBM to supply a copy of its contract with Northgate.

Whenever auditors produce a hard-hitting report there will be 2 opposing sides: defenders of what’s being criticised and the auditors.

It is up to the auditors to cut through any dissimulation, obfuscation and prevarication to identify what’s going well, what isn’t, and what the uncertainties and risks are.

Auditors would not be doing their job if they always accepted verbal assurances at face value.

But what if auditors are undermined by councillors who readily accept verbal assurances from their officers who wish to defend the suppliers?

A supplier that doesn’t have to provide documentary evidence can say anything in defence of its systems and the quality of service.

Somerset’s councillors are lucky to have auditors as independently-minded as SWAP.

It’s unlikely that SWAP would accept at face value the Somerset officer’s suggestion that because AIS is widely used it’s unlikely to be a poor system.

This would be like Ford saying a particular Mondeo is unlikely to be at fault because thousands of people happily own one.

Every IT installation is different, even if the main software package is widely used. The hardware, network configuration, load on the network, facilities and interfaces installed will render every IT installation unique.

It’s conceivable that every council client of AIS could have a trouble-free service except Somerset.

Are the council’s audit committee councillors gullible to accept verbal assurances about the problems with AIS being solved without requiring proof?

Where does this leave the 775 users of Somerset’s AIS, many of whom may be having to do difficult work in managing vulnerable adults while trying to cope with what may be one of the UK’s worst outsourced systems?

Thank you to Dave Orr for providing information that made this post possible.

Pity the 775 users who use this outsourced council system?

SWAP report on AIS for Somerset County Council’s Audit Committee 2 July 2015

SWAP 2012-2013 audit report on AIS

 

 

Pity the 775 users who use this outsourced council system?

By Tony Collins

Adult care systems are a cinderella IT service for councils.

It’s rare for journalists to write about them, for good or ill, perhaps because they help council staff deal with vulnerable adults. Such systems help with payments to care home and hospice providers. They help staff organise facilities for adults with learning disabilities or dementia, and respite care for adults at risk of abuse.

One such system has 775 users in Somerset. It’s a “critical” application according to the county council there.  The Adults Integrated Solution was originally supplied by Northgate. The system became IBM’s responsibility under a 10-year outsourcing and joint venture, Southwest One.

The latest in a series of excellent reports on the system’s enduring problems by auditors the South West Audit Partnership goes to Somerset County Council’s Audit Committee today (2 July 2015).

How bad is bad?

The report says the system’s response times have been so poor  that audit trails and logs have been disabled. So how can IBM and the council trace and attribute user activity in the system – particularly one handling sensitive and personal data?

The report says this disabling of the audit trial and logs is “worrying”.

Auditors reported on the system’s weaknesses in their 2012/2013 audit report.  Since then there has been only “limited progress” in implementing recommendations, says today’s report.

On some of their priority recommendations, auditors say they have been unable to obtain documentary evidence to support implementation. They have received verbal assurances – but they remain concerned.

The report says that AIS performance and response times “can still be less than adequate for users’ needs” and IBM is unwilling to develop a service level agreement specifically for the AIS application.

Indeed IBM has refused to give the county council a copy of the AIS contract with Northgate and it was not made available to the South West Audit Partnership for its audit of the system.

This may prompt councillors to ask how the council can properly manage a critical application if it has no control over the system or the outsourcer.

Repeated audit reports on the problems appear to have left matters unresolved.

Below are some of the concerns of the South West Audit Partnership as mentioned in its 2012/2013 audit report. It reports today that it has received only “partial” assurances that these problems have been solved.

Applications could be unavailable a month or more

Said the South West Audit Partnership: “We have identified in previous audit reports that there is no tested IT disaster recovery strategy. This is a strategy that would be put into effect in the event the Somerset County Council data centre was unavailable for any reason. Although a contract has been signed with Adam Continuity, applications could still be unavailable for a month or even more.”

No formally-named business system owner

“As of November 2014, Helen Wakeling (AIS System Owner) has left Somerset County Council. The responsibility of AIS system ownership needs to be reassigned and formalised.”

Payments to care providers not properly checked?

“… there does not appear to be a process to ensure payments are authorised, appropriate, complete and accurate…

 

IBM has no contractual duty to provide a good system

“There is no contractual requirement or service level for Southwest One [IBM] to provide a platform that delivers performance and response time that is acceptable to ASC [Adult Social Care] Operations.”

Data validation?

“Data quality in AIS data is undermined by the lack of robust input validation within the AIS application.

“Client records can be created with a minimum of information. Key personal identifiers such as data of birth, NI number and NHS number do not need to be entered and this both increases the risk of duplicate records and provides less data with which to identify those that have been created…”

Is IBM hiding AIS contract from the council?

“Southwest One currently owns the contract with Northgate and would not provide SWAP with a copy. As a result SWAP [South West Audit Partnership] was not able to evaluate Northgate’s compliance with the terms of the contract including licensing requirements…”

Personal data at risk?

“It was noted that developers have access to the production environment, unmasked live production data is used by developers and vendors for testing purposes and desktops are not locked down.”

Potential for fraud?

“In addition the authorise function, a security feature available in AIS has not been implemented resulting in all authorisations occurring outside of AIS. As a result data loss, potential corruption of data, incorrect and potentially fraudulent use of the application, missed, inappropriate or additional payments, will not be identified and acted upon.”

Corrupt data?

“In spite of a recent security incident that appeared to result in some data corruption, there is no reporting in place or review of user, super user or generic user access for appropriateness.”

Can former staff still log on?

“Terminated users were identified with valid AIS access credentials. Just less than 10% of managers with access were found to be no longer employed. In addition user ids are not disabled after not being used for a period of time.”

Unattended screens?

“The time-out for the application is 1 hour. Although users typically leave the application on and lock the screen when they go out to lunch, this process is inefficient, leaving sessions unavailable for others and insecure, since the user could forget to lock their screen and allow bypass of all security.”

System security?

“We also identified in our capacity management audit that desktop lock-down is not in effect and as a result AIS data can be downloaded and copied to USB flash storage. SWAP recommended data security policies be developed and implemented …”

**

Dave Orr who has followed events at Somerset closely since the county council signed the Southwest One contract in 2007 has written to audit committee councillors about the AIS system.

One of his questions is how the council could have transferred a critical application to IBM without its being protected by any specific service level agreement.

Orr says: “I do not believe that an in-house IT service, with a head of IT in the direct employ of this council, would be allowed to leave these serious shortcomings in performance, audit logging and disaster recovery unaddressed.”

Comment

So much for the claims back in 2007, when the council and IBM formed Southwest One, that the services would be “beyond excellence”.

If this is the worst outsourced system in the UK where does that leave the 775 council users who no doubt are trying to do their best for the vulnerable adults in their community?

Thank you to Dave Orr for providing the information on which this article is based.

Is HMRC spending enough for help to replace £10.4bn Aspire contract?

By Tony Collins

Government Computing reports that HM Revenue and Customs is seeking a partner for a two-year contract, worth £5m to £20m, to help the department replace the Aspire deal which expires in 2017.

HMRC is leading the way for central government by seeking to move away from a 13-year monopolistic IT supply contract, Aspire, which is expected to cost £10.4bn up to 2017.

Aspire’s main supplier is Capgemini.  Fujitsu and Accenture are the main subcontractors.

HMRC says it wants its IT services to be designed around taxpayers rather than its own operations. Its plan is to give every UK taxpayer a personalised digital tax account – built on agile principles – that allows interactions in real-time.

This will require major changes in its IT,  new organisational skills and changes to existing jobs.

HMRC’s officials want to comply with the government’s policy of ending large technology contracts in favour of smaller and shorter ones.

Now the department is advertising for a partner to help prepare for the end of the Aspire contract. The partner will need to help bring about a “culture and people transformation”.

The contract will be worth £5m to £20m, the closing date for bids is 6 July, and the contract start date is 1 September.  A “supplier event” will be held next week.

But is £5m to £20m enough for HMRC to spend on help to replace a £10.4bn contract?

This is the HMRC advert:

“HMRC/CDIO [Chief Digital Information Officer, Mark Dearnley] needs an injection of strategic-level experience and capacity to support people and culture transformation.
“The successful Partner must have experience of managing large post-merger work force integrations, and the significant people and cultural issues that arise. HMRC will require the supplier to provide strategic input to the planning of this activity and for support for senior line managers in delivering it.
“HMRC/CDIO needs an injection of strategic level experience and capacity to help manage the exit from a large scale outsourced arrangement that has been in place for 20+ years.
“HMRC is dependent on its IT services to collect £505bn in tax and to administer £43bn in benefits each year. The successful supplier must have proven experience of working in a multi-supplier environment, working with internal and external legal teams and suppliers and must have a proven track record of understanding large IT business operations.
“HMRC/CDIO needs an injection of strategic level experience and capacity to help HMRC Process Re-engineer and ‘Lean’ its IT operation. HMRC/CDIO requires a Programme Management Office (PMO) to undertake the management aspects of the programme.
“It is envisaged that the Lead Transformation Partner will provide leadership of the PMO and work alongside HMRC employees. The leadership must have significant experience of working in large, dynamic, multi-faceted programmes working in organisations that are of national/international scale and importance including major transformation…”

Replacing Aspire with smaller short-term contracts will require a transfer of more than 2,000 Capgemini staff to possibly a variety of SMEs or other companies, as well as big changes in HMRC’s ageing technologies.

It would be much easier for HMRC’s executives to replace Aspire with another long-term costly contract with a major supplier but officials are committed to fundamental change.

The need for change was set out by the National Audit Office in a report “Managing and replacing the Aspire contract”  in 2014. The NAO found that Capgemini has, in general,  kept the tax systems running fairly well and successfully delivered a plethora of projects. But at a cost.

The NAO report said Aspire was “holding back innovation” in HMRC’s business operations”.

Aspire had made it difficult for HMRC to “get direction or control of its ICT; there was little flexibility to get things done with the right supplier quickly or make greater use of cross-government shared infrastructure and services”. And exclusivity clauses “prevented competition and stifled new ideas”.

Capgemini and Fujitsu made a combined profit of £1.2bn, more than double the £500m envisaged in the original business plan. Profit margins averaged 16 per cent to March 2014, also higher than the original 2004 plan.

HMRC was “overly dependent on the technical capability of the Aspire suppliers”. The NAO also found that HMRC competed only 14 contracts outside Aspire, worth £22m, or 3 per cent of Aspire’s cost.

Although generally pleased with Capgemini,  HMRC raised with Capgemini, during a contract renegotiation, several claimed contract breaches for the supplier’s performance and overall responsiveness.

When benchmarking the price of Aspire services and projects on several occasions, HMRC has found that it has often “paid above-market rates”.

HMRC did not consider that its Fujitsu-run data centres were value for money.

Comment

HMRC deserves credit for seeking to replace Aspire with smaller, short-term contracts. But is it possible that HMRC is spending far too little on help with making the switch?

HMRC doesn’t have a reputation for caution when it comes to IT-related spending.  The total cost of Aspire is expected to rise to £10.4bn by 2017 from an original expected spend of £4.1bn. [The £10.4bn includes an extra £2.3bn for a 3-year contract extension.]

Therefore a spend of £5m to £20m for help to replace Aspire seems ridiculously low given the risks of getting it wrong, the complexities, the number of staff changes involved, the changes in IT architecture, and the legal, commercial and technical capabilities required.

The risks are worth taking, for HMRC to regain full control over ICT and performance of its operations.

If all goes wrong with the replacement of Aspire, costs will continue to spiral. The Aspire contract lets both parties extend it by agreement for up to eight years. HMRC says it does not intend to extend Aspire further. But an overrun could force HMRC to negotiate an extension.

As the NAO has said, an extension would not be value for money, since there would continue to be no competitive pressure.

Campaign4Change has never before accused a government department of allocating too little for IT-related change. There’s always a first time.

Government Computing article

 

Cornwall Council rushes to sign BT outsourcing deal before elections

By Tony Collins

Cornwall council logoCornwall Council was a model of local democracy in the way it challenged and then rejected a large-scale outsourcing plan. Now it has gone to the other extreme.

Amid extraordinary secrecy the Council’s cabinet is rushing through plans to sign a smaller outsourcing contract with BT – a deal that will include IT – before the May council elections.

Councillors who have been given details are not allowed to discuss them. No figures are being given on the costs to the council, or the possible savings. The Council’s cabinet is not releasing information on the risks.

Councillors are being treated like children, says ThisisCornwall. Documents with details of the BT outsourcing plans have to be handed back by councillors, and cabinet papers are being printed individually with members’ names as a watermark, on every page, to guard against copying and to help identify any whistleblowers.

The council’s Single Issue Panel has a timetable for the IT outsourcing plan.

– Recommendation to Cabinet to approve release of ITT – 27 February 2013

– Evaluation of bid – March 2013

– If contract awarded, commencement of implementation work – April 2013

– Staff transfer date – July 2013

The SIP report emphasises that the timetable for signing a deal is tight. “Evidence received is that there is little room for slippage in the timetable, but that potential award of contract is achievable by the end of March 2013… It is expected that a contract could be ready to be issued as part of the ITT [invitation to tender] pack by early in the week commencing 4 March 2013.”

The SIP report concedes that the plan is “fast moving”.

In the past, the SIP group of councillors has been open and challenging in its reports on the council’s plans with BT (and CSC before the company withdrew from negotiations). Now the SIP’s latest report is vague and unchallenging. The risks are referred to in the report as a tick-box exercise. Entire paragraphs in the SIP report appear to have little meaning.

“Risk log and programme timelines are reviewed and updated on a regular basis… 

“The Council and health partners have been working on and have reached agreement on their positions in relation to commercial aspects in the contract and their expectations have been part of the dialogue with BT.”

“Previous concerns of the Panel relating to the area of new jobs have been addressed with BT in contract discussions and contract clauses have been revised to reflect this…”

It is also unclear from the SIP report why the council is outsourcing at all, only perhaps a hint that the deal will be value for money.

“The contract will be fully evaluated by the Head of Finance and her team to ensure value for money once the final bid is received. No savings have been assumed for 2013/14 budgetary purposes, although there are assumptions of savings for the indicative figures for future years,” says the SIP report.

Comment

It is a pity that Cornwall Council’s cabinet is rushing to sign a deal for which it won’t be accountable if things go wrong. In a few weeks a new council will be voted in and, if the outsourcing deal with BT ends up in a dispute or litigation, the new council will simply blame the old, as happened when Somerset County Council’s joint venture deal with IBM, Southwest One, went into dispute.

In essence, with the local elections only two months away, Cornwall Council’s cabinet has a freedom to make whatever decision it likes with impunity; and it appears to be taking that freedom to an extreme, almost to the point of sounding, in the latest SIP report, as if the council is an arms-length marketing agent of BT.

Cornwall Council’s cabinet has a mandate from the full council to move to a contract with BT. The full council has voted to “support” a deal. But that vote was a mandate to negotiate, not to sign anything BT wants to sign.

Openness has gone out of the window and BT, it seems, is no longer being rigorously  challenged – by Cornwall’s cabinet, the full council, the public or the media.

How exactly can BT guarantee jobs and make savings? We don’t know. The Cabinet isn’t saying, and its members are doing all they can to stop councillors saying.

Are BT’s promises reliant on the fact that IT is subject to constant and sometimes costly change – often unforeseen change – and that is bound to continue, at least in the form of supporting changing legislation and reorganisations?

Unforeseen changes could add unforeseen costs which the council may have to pay because IT is at the heart of business continuity.  In any dispute with the council  – and BT knows its way around the world of contested contracts – the company would have the upper hand because of its experience with litigation and the fact that the council would need undisrupted IT at a time of change and could not afford, without risk, to take the service back in-house.

We have seen how normality broke down at Mid Staffs NHS Foundation Trust amid a lack of openness and excessive defensiveness;  and we have seen, in Somerset County Council’s joint venture with IBM, Southwest One, what can happen when a contract signing is rushed.

Cornwall Council’s cabinet is doing both. It is rushing to sign a contract; and it is rushing to sign it amid excessive secrecy.

Surely Cornwall Council can do better than slip into the shadows to sign a deal with BT before the council elections in May?  If it is such a good deal, the new council will want to sign it. A new council should have the chance to do so.

For Cornwall Council to outsource now what is arguably its single most important internal resource – IT – is bad for local democracy: it is snub to anyone who holds true the idea that local councillors are accountable to local people.

Thank you to campaigner Dave Orr who drew my attention to information that made this post possible.

* Cornwall Council, by the way, has one of the best local authority websites I have seen.  If the website is a reflection of the imagination and efficiency of its IT department, Cornwall Council should be selling its IT skills to BT for a small fortune – not giving staff away.

Chief Procurement Officer quits for private sector

Tony Collins

John Collington has resigned as Government Chief Procurement Officer after little more than a year in the post.

Collington’s resignation is reported by Peter Smith of Spend Matters. Smith says that Collington is to become Chief Operating Officer of Alexander Mann Solutions, a leading “Recruitment Process Outsourcing” firm.

“We might have expected consultancy, or software, but Collington has been involved in shared services in recent months and has a track record in outsourcing from his time at Accenture and I believe even before that.

“He’s got strong operational skills which should play to the COO role …” says Smith.

“Francis Maude gave Collington a glowing testimonial, as we might expect…But then Cabinet Office have to spoil it by talking nonsense …”

The Cabinet Office said Collington has reduced overall spend on goods and services from £51bn to £45bn and spend with SMEs is estimated to have doubled to £6bn, along with a 73 per cent reduction in spend on consultancy and contingent labour.

“We accept he has helped to reduce spend but, given he has no budget of his own, it’s a bit much to say he ‘has reduced overall spend’…” says Smith.

“And as Cabinet Office themselves know very well, they have no clue whether spend with SMEs has doubled, given the robustness (or lack of) around the data …”

It appears that Collington was a believer in incremental reform. He was not a Chris Chant who spoke of the need for radical reform. Chant argued with force  that high costs, present ways of working and the dominance of a few major suppliers were unacceptable.

Collington reported to Ian Watmore who was Permanent Secretary at the Cabinet Office. Watmore has also resigned.

**

Nigel Smith, formerly head of the Office of Government Commerce [now subsumed into the Cabinet Office], was one the harshest critics of the way government bought goods and services.

Smith said in June 2010 that up to £220bn – nearly a third of everything government spent – was on procurement. But there were 44,000 buying organisations in the public sector which bought “roughly the same things, or similar things, in basic commodity categories” such as IT and office supplies. There were 42 professional buying organisations in public sector.

He said there was “massive duplication” of activity. We wonder how much has changed since then.

Spend Matters

Collington appointed Chief Procurement Officer

Timetable for HMRC’s work on Universal Credit is “challenging” says NAO

By Tony Collins

Today’s report of the National Audit Office on the accounts of HMRC is, perhaps diplomatically, silent on the performance of HMRC’s work so far on Universal Credit, other than to say the timetable for roll-out beginning in October next year is “challenging”.

There have been internal assessments of HMRC’s “Real Time Information” [RTI] project, on which the success of Universal Credit is dependent, but none has been published other than the “Starting Gate”.

Today’s NAO report on HMRC says the “timetable for implementation of RTI is challenging”. It adds:

“The Department for Work and Pension’s timetable to implement Universal Credit is driving the timetable to roll-out RTI. The Department for Work and Pensions requires real time PAYE information on employment and pension income to award and adjust Universal Credit.

“It is rolling out Universal Credit from October 2013 to 2017. All employers and pension providers need to be using RTI by October 2013 to meet this timetable.

“The Department met its milestone to start its RTI pilot in April 2012 with ten employers. By July 2012, it expects a further 310 employers will be using RTI. At 31 May 2012, 209 PAYE schemes covering 1.5 million individual records were using RTI.”

NAO report on HMRC’s 2011/12 accounts

HMRC still plagued by IT problems.

Time for truth on Universal Credit

HMRC “still plagued by IT problems”

By Tony Collins

HMRC has one of the biggest IT outsourcing contracts in central government, a deal worth about £8bn with Capgemini, which began in 2004. Before that, between 1994 and 2004, the main IT supplier was EDS, now HP. But HMRC has had pervasive IT-related challenges for more than a decade.

Today Margaret Hodge, Chair of the Committee of Public Accounts, commented   on a report by the National Audit Office on HM Revenue & Customs’ 2011-12 accounts.

“Sadly it is no surprise that the NAO has found substantial problems with the HMRC’s accounts. This year has seen a litany of tax errors and scandals come to light with mistakes made at the most senior level from the Permanent Secretary for Tax downwards.

“The sheer scale of waste and mismanagement at HMRC never ceases to shock me. Without even mentioning the tax gap, in 2011-12 the Department wrote off a staggering £5.2 billion of tax owed, overpaid nearly £2.5 billion in tax credits due to fraud and error and underpaid around £290 million.

“In some areas the Department is moving in the right direction and has made progress to implement improvement plans. But the Department is still plagued by IT problems; limiting, for example, its ability to link together the debts owed by tax payers across different tax streams.

“With its long history of large scale IT failures, the Department needs to get a grip before it introduces its new real time PAYE information systems and begins the high-risk move from tax credits to the Universal Credit.”

Timetable for HMRC’s work on Universal Credit is “challenging” says NAO.

NAO – HMRC’s 2011/12 accounts

Time for truth on Universal Credit.