Tag Archives: outsourcing

Excellent reports on lessons from Universal Credit IT project published today – but who’s listening?

By Tony Collins

“People burst into tears, so relieved were they that they could tell someone what was happening.”

The Institute for Government has today published one of the most incisive – and revelatory – reports ever produced on a big government IT project.

It concludes that the Universal Credit IT programme may now be in recovery after a disastrous start, but recovery does not mean recovered. Much could yet floor the programme, which is due to be complete in 2022.

The Institute’s main report is written by Nick Timmins, a former Financial Times journalist, who has written many articles on failed publicly-funded IT-based projects.

His invaluable report, “Universal Credit – from disaster to recovery?” – includes interviews with David Pitchford, a key figure in the Universal Credit programme, and Howard Shiplee who led the Universal Credit project.

Timmins also spoke to insiders, including DWP directors, who are not named, and the former secretary of state at the Department for Work and Pensions Iain Duncan Smith and the DWP’s welfare reform minster Lord Freud.

Separately the Institute has published a shorter report “Learning the lessons from Universal Credit which picks out from Timmins’ findings five “critical” lessons for future government projects. This report, too, is clear and jargon-free.

Much of the information on the Universal Credit IT programme in the Timmins report is new. It gives insights, for instance, into the positions of Universal Credit’s major suppliers HP, IBM, Accenture.

It also unearths what can be seen, in retrospect, to be a series of self-destructive decisions and manoeuvres by the Department for Work and Pensions.

But the main lessons in the report – such as an institutional and political inability to face up to or hear bad news – are not new, which raises the question of whether any of the lessons will be heeded by future government leaders – ministers and civil servants – given that Whitehall departments have been making the same mistakes, or similar ones, for decades?

DWP culture of suppressing any bad news continues

Indeed, even as the reports lament a lack of honesty over discussing or even mentioning problems – a “culture of denial” – Lord Freud, the minister in charge of welfare reform, is endorsing FOI refusals to publish the latest risk registers, project assessment reviews and other Universal Credit reports kept by the Department for Work and Pensions.

More than once Timmins expresses his surprise at the lack of information about the programme that is in the public domain. In the “acknowledgements” section at the back of his report Timmins says,

“Drafts of this study were read at various stages by many of the interviewees, and there remained disputes not just about interpretation but also, from some of them, about facts.

“Some of that might be resolvable by access to the huge welter of documents around Universal Credit that are not in the public domain. But that, by definition, is not possible at this stage.”

Churn of project leaders continues

Timmins and the Institute warn about the “churn” of project leaders, and the need for stable top jobs.

But even as the Institute’s reports were being finalised HMRC was losing its much respected chief digital officer Mark Dearnley, who has been in charge of what is arguably the department’s riskiest-ever IT-related programme, to transfer of legacy systems to multiple suppliers as part of the dismantling of the £8bn “Aspire” outourcing venture with Capgemini.

Single biggest cause of Universal Credit’s bad start?

Insiders told Timmins that the fraught start of Universal Credit might have been avoided if Terry Moran had been left as a “star” senior responsible owner of the programme. But Moran was given two jobs and ended up having a breakdown.

In January 2011, as the design and build on Universal Credit started, Terry Moran was given the job of senior responsible owner of the project but a few months later the DWP’s permanent secretary Robert Devereux took the “odd” decision to make Moran chief operating officer for the entire department as well. One director within the DWP told Timmins:

“Terry was a star. A real ‘can do’ civil servant. But he couldn’t say no to the twin posts. And the job was overwhelming.”

The director claimed that Iain Duncan Smith told Moran – a point denied by IDS – that if Universal Credit were to fail that would be a personal humiliation and one he was not prepared to contemplate. “That was very different from the usual ministerial joke that ‘failure is not an option’. The underlying message was that ‘I don’t want bad news’, almost in words of one syllable. And this was in a department whose default mode is not to bring bad news to the top. ‘We will handle ministers’ is the way the department operates…”

According to an insider, “Terry Moran being given the two jobs was against Iain’s instructions. Iain repeatedly asked Robert [Devereux] not to do this and Robert repeatedly gave him assurances that this would be okay” – an account IDS confirms. In September 2012, Moran was to have a breakdown that led to early retirement in March 2013. He recorded later for the mental health charity Time to Talk that “eventually, I took on more and more until the weight of my responsibilities and my ability to discharge them just grew too much for me”.

Timmins was told, “You cannot have someone running the biggest operational part of government [paying out £160bn of benefits a year] and devising Universal Credit. That was simply unsustainable,”

Timmins says in his report, “There remains a view among some former and current DWP civil servants that had that not happened (Moran being given two jobs), the programme would not have hit the trouble it did. ‘Had he been left solely with responsibility for UC [Universal Credit], I and others believe he could have delivered it, notwithstanding the huge challenges of the task,’ one says.”

Reviews of Universal IT “failed”

Timmins makes the point that reviews of Universal Credit by the Major Projects Authority failed to convey in clear enough language that the Universal Credit programme was in deep trouble.

“The [Major Projects Authority] report highlighted a lack of sufficient substantive action on the points raised in the March study. It raised ‘high’ levels of concern about much of the programme – ‘high’ being a lower level of concern than ‘critical’. But according to those who have seen the report, it did not yet say in words of one syllable that the programme was in deep trouble.”

Iain Duncan Smith told Timmins that the the Major Projects review process “failed me” by not warning early enough of fundamental problems. It was the ‘red team’ report that did that, he says, and its contents made grim reading when it landed at the end of July in 2012.

Train crash on the way

The MPA [Cabinet Office’s Major Projects Authority] reviewed the programme in March 2011. “MPA reports are not in the public domain. But it is clear that the first of these flagged up a string of issues that needed to be tackled …

” In June a member of the team developing the new government’s pan-government website – gov.uk – was invited up to Warrington [base for the Universal Credit IT team] to give a presentation on how it was using an agile approach to do that.

“At the end of the presentation, according to one insider, a small number from the audience stayed behind, eyeing each other warily, but all wanting to talk. Most of them were freelancers working for the suppliers. ‘Their message,’ the insider says, ‘was that this was a train crash on the way’ – a message that was duly reported back to the Cabinet Office, but not, apparently, to the DWP and IDS.”

Scared to tell the truth

On another occasion when the Major Projects Authority visited the IT team at Warrington for the purposes of its review, the review team members decided that “to get to the truth they had to make people not scared to tell the truth”. So the MPA “did a lot of one-on-one interviews, assuring people that what they said would not be attributable. And under nearly every stone was chaos.

“People burst into tears, so relieved were they that they could tell someone what was happening.

” There was one young lad from one of the suppliers who said: ‘Just don’t put this thing [Universal Credit] online. I am a public servant at heart. It is a complete security disaster.’

IBM, Accenture and HP

“Among those starting to be worried were the major suppliers – Accenture, HP and IBM. They started writing formal letters to the department.

‘Our message,’ according to one supplier, ‘was: ‘Look, this isn’t working. We’ll go on taking your money. But it isn’t going to work’.’ Stephen Brien [then expert adviser to IDS] says of those letters: ‘I don’t think Iain saw them at that time, and I certainly didn’t see them at the time.”

At one point “serious consideration was given to suing the suppliers but they had written their warning letters and it rapidly became clear that that was not an option”.

Howard Shiplee, former head of the project, told Timmins that he had asked himself ‘how it could be that a very large group of clever people drawn from the DWP IT department with deep experience of the development and operation of their own massive IT systems and leading industry IT suppliers had combined to get the entire process so very wrong? Equally, ‘how could another group of clever people [the GDS team] pass such damning judgement on this earlier work and at the stroke of a pen seek to write off millions of pounds of taxpayers’ money?’

Shiplee commissioned a review from PwC on the work carried out to date and discovered that the major suppliers “were genuinely concerned to have their work done properly, support DWP and recover their reputations”.

In addition, when funding had been blocked at the end of 2012, the suppliers “had not simply downed tools but had carried on development work for almost three months” as they ran down the large teams that had been working on it.

“As a result, they had completed the development for single claimants that was being used in the pathfinder and made considerable progress on claims for couples and families. And their work, the PwC evaluation said, was of good quality.”

On time?

When alarm bells finally started ringing around Whitehall that Universal Credit was in trouble,  IDS found himself under siege. Stephen Brien says IDS was having to battle with the Treasury to keep the funding going for the project. He had to demonstrate that the programme was on time and on budget.

‘The department wanted to support him in that, and didn’t tell him all the things that were going wrong. I found out about some of them, but I didn’t push as hard as I should have. And looking back, the MPA [Major Projects Authority] meetings and the MPA reports were all handled with a siege mentality. We all felt we had to stand shoulder to shoulder defending where we were and not really using them to ask: ‘Are we where we should be?’

‘As a result we were not helping ourselves, and we certainly were not helping others, including the MPA. But we did get to the stage between the end of 2011 and the spring of 2012 where we said: ‘Okay, let’s get a red team in with the time and space to do our own challenge.’”

The DWP’s “caste” system

A new IT team was created in Victoria Street, London – away from Warrington but outside the DWP’s Caxton Street headquarters. It started to take a genuinely agile approach to the new system. One of those involved told Timmins:

“It had all been hampered by this caste system in the department where there is a policy elite, then the operational people, and then the technical people below that.

“And you would say to the operational people: ‘Why have you not been screaming that this will never work?’ And they’d say: ‘Well, we’re being handed this piece of sh** and we are just going to have to make it work with workarounds, to deal with the fact that we don’t want people to starve. So we will have to work out our own processes, which the policy people will never see, and we will find a way to make it work.’

Twin-track approach

IBM, HP and Accenture built what’s now known as the “live” system which enabled Universal Credit to get underway, and claims to be made in jobcentres.

It uses, in part, the traditional “waterfall” approach and has cost hundreds of millions of pounds. In contrast there’s a separate in-house “digital” system that has cost less than £10m and is an “agile” project.

A key issue, Shiplee told Timmins, was that the new digital team “would not even discuss the preceding work done by the DWP and its IT suppliers”. The digital team had, he says, “a messiah-like approach that they were going to rebuild everything from scratch”.

Rather than write everything off, Shiplee wanted ideally to marry the “front-end” apps that the GDS/DWP team in Victoria Street was developing with the work already done. But “entrenched attitudes” made that impossible. The only sensible solution, he decided, was a “twin-track” approach.

“The Cabinet Office remained adamant that the DWP should simply switch to the new digital version – which it had now become clear, by late summer, would take far longer to build than they anticipated – telling the DWP that the problem was that using the original software would mean ‘creating a temporary service, and temporary will become permanent’.

“All of which led to the next big decision, which, to date, has been one of the defining ones. In November 2013, a mighty and fraught meeting of ministers and officials was convened. Pretty much everyone was there. The DWP ministers, Francis Maude (Cabinet Office minister), Oliver Letwin who was Cameron’s policy overlord, Sir Jeremy Heywood, the Cabinet Secretary, Sir Bob Kerslake, the head of the home civil service, plus a clutch of DWP officials including Robert Devereux and Howard Shiplee as the senior responsible owner along with Danny Alexander and Treasury representatives.

“The decision was whether to give up on the original build, or run a twin-track approach: in other words, to extend the use of the original build that was by now being used in just over a dozen offices – what became dubbed the ‘live’ service – before the new, and hopefully much more effective, digital approach was finished and on stream.

“It was a tough and far from pleasant meeting that is etched in the memories of those who were there…

“One of those present who favoured the twin-track approach says: There were voices for writing the whole of the original off. But that would have been too much for Robert Devereux [the DWP’s Permanent Secretary] and IDS.

” So the twin-track approach was settled on – writing a lot of the original IT down rather than simply writing it off. That, in fact, has had some advantages even if technically it was probably the wrong decision…

“It has, however, seen parts of the culture change that Universal Credit involves being rolled out into DWP offices as more have adopted Universal Credit, even if the IT still requires big workarounds.

“More and more offices, for example, have been using the new claimant commitment, which is itself an important part of Universal Credit. So it has been possible to train thousands of staff in that, and get more and more claimants used to it, while also providing feedback for the new build.”

Francis Maude was among those who objected to the twin-track approach, according to leaked minutes of the project oversight board at around this time.

Lord Freud told Timmins,

‘Francis was adamant that we should not go with the live system [that is, the original build]. He wanted to kill it. But we, the DWP, did not believe that the digital system would be ready on anything like the timescales they were talking about then …But I knew that if you killed the live system, you killed Universal Credit…”

In the end the twin-track approach was agreed by a majority. But the development of the ‘agile’ digital service was immediately hampered by a spat over how quickly staff from the GDS were to be withdrawn from the project.

Fury over National Audit Office report

In 2013 the National Audit Office published a report Universal Credit – early progress –  that, for the first time, brought details of the problems on the Universal Credit programme into the public domain. Timmins’ report says that IDS and Lord Freud were furious.

“IDS and, to an only slightly lesser extent, Lord Freud were furious about the NAO report; and thus highly defensive.”

IDS tried to present the findings of the National Audit Office as purely historical.

In November 2014, the NAO reported again on Universal Credit. It once more disclosed something that ministers had not announced – that the timetable had again been put back two years (which raises further questions about why Lord Freud continues to refuse FOI requests that would put into the public domain – and inform MPs – about project problems, risks and delays without waiting for an NAO report to be published)..

Danny Alexander “cut through” bureaucracy

During one period, the Treasury approval of cash became particularly acute. Lord Freud told Timmins:

“We faced double approvals. We had approval about any contract variation from the Cabinet Office and then approvals for the money separately from the Treasury.

“The Government Digital Service got impatient because they wanted to make sure that the department had the ability to build internally rather than going out to Accenture and IBM, who (sic) they hate.

“The approvals were ricocheting between the Cabinet Office and the Treasury and when we were trying to do rapid iteration. That was producing huge delays, which were undermining everything. So in the end Danny Alexander [Lib-dem MP who was chief secretary to the Treasury] said: ‘I will clear this on my own authority.’ And that was crucial. Danny cut through all of that.”

Optimism bias

So-called optimism bias – over-optimism – is “such a common cause of failure in both public and private projects that it seems quite remarkable that it needs restating. But it does – endlessly”.

Timmins says the original Universal Credit white paper – written long before the start of the programme – stated that it would involve “an IT development of moderate scale, which the Department for Work and Pensions and its suppliers are confident of handling within budget and timescale”.

David Pitchford told Timmins,

“One of the greatest adages I have been taught and have learnt over the years in terms of major projects is that hope is not a management tool. Hoping it is all going to come out all right doesn’t cut it with something of this magnitude.

“The importance of having a genuine diagnostic machine that creates recommendations that are mandatory just can’t be overstated. It just changes the whole outcome completely. As opposed to obfuscation and optimism bias being the basis of the reporting framework. It goes to a genuine understanding and knowledge of what is going on and what is going wrong.”

Sir Bob Kerslake, who also identified the ‘good news culture’ of the DWP as being a problem, told Timmins,

“All organisations should have that ability to be very tough about what is and isn’t working. The people at the top have rose-tinted specs. They always do. It goes with the territory.

And unless you are prepared to embrace people saying that ‘really, this is in a bad place’… I can think of points where I have done big projects where it was incredibly important that we delivered the unwelcome news of where we were on that project. But it saved me, and saved my career.”


Timmins makes good arguments for his claim that the Universal Credit programme may be in recovery – but not recovered – and that improvements have been made in governance to allow for decisions to be properly questioned.

But there is no evidence the DWP’s “good news” culture has changed. For instance the DWP says that more than 300,000 people are claiming Universal Credit but the figure has not been audited and it’s unclear whether claimants who have come off the benefit and returned to it – perhaps several times – are being double counted.

Timmins points out the many uncertainties that cloud the future of the Universal Credit programme  – how well the IT will work, whether policy changes will hit the programme, whether enough staff will remain in jobcentres, and whether the DWP will have good relations with local authorities that are key to the delivery of Universal Credit but are under their own stresses and strains with resourcing.

There are also concerns about what changes the Scots and Northern Irish may want under their devolved powers, and the risk that any ‘economic shock’ post the referendum pushes up the volume of claimants with which the DWP has to deal.

 Could Universal Credit fail for non-IT reasons?

Timmins says,

“In seeking to drive people to higher earnings and more independence from the benefits system, there will be more intrusion into and control over the lives of people who are in work than under the current benefits system. And there are those who believe that such an approach – sanctioning people who are already working – will prove to be political dynamite.”

The dire consequences of IT-related failure

It is also worth noting that Universal Credit raises the stakes for the DWP in terms of its payment performance, says Timmins.

“If a tax credit or a Jobseeker’s Allowance payment or any of the others in the group of six go awry, claimants are rarely left penniless in the sense that other payments – for example, Housing Benefit in the case of Jobseeker’s Allowance or tax credits, – continue.

“If a Universal Credit payment fails, then all the support from the state, other than Child Benefit or disability benefits not included within Universal Credit, disappears.”

This happened recently in Scotland when an IT failure left hundreds of families penniless. The DWP’s public response was to describe the failure in Scotland as “small-scale”.


What a report.

It is easy to see how much work has gone into it. Timmins has coupled his own knowledge of IT-related failure with a thorough investigation into what has gone wrong and what lessons can be learned.

That said it may make no difference. The Institute in its “lessons” report uses phrases such as “government needs to make sure…”. But governments change and new administrations have an abundance – usually a superfluity – of confidence and ambition. They regard learning lessons from the past as putting on brakes or “nay saying”. You have to get with the programme, or quit.

Lessons are always the same

There will always be top-level changes within the DWP. Austerity will always be a factor.  The culture of denial of bad news, over-optimism about what can be achieved by when and how easily it can be achieved, over-expectations of internal capability, over-expectation of what suppliers can deliver, embarking on a huge project without clearly or fully understanding what it will involve, not listening diligently to potential users and ridiculously short timescales are all well-known lessons.

So why do new governments keep repeating them?

When Universal Credit’s successor is started in say 2032, the same mistakes will probably be repeated and the Institute for Government, or its successor, will write another similar report on the lessons to be learned.

When Campaign4Change commented in 2013 that Universal Credit would probably not be delivered before 2020 at the earliest, it was an isolated voice. At the time, the DWP press office – and its ministers – were saying the project was on budget and “on time”.


The National Audit Office has highlighted similar lessons to those in the Timmins report, for example in NAO reports on the NPfIT – the NHS IT programme that was the world’s largest non-military IT scheme until it was dismantled in 2011. It was one of the world’s biggest IT disasters – and none of its lessons was learned on the Universal Credit programme.

The NPfIT had an anti-bad news culture. It did not talk enough to end users. It had ludicrous deadlines and ambitions. The politicians in charge kept changing, as did some of programme leaders. There was little if any effective internal or external challenge. By the time it was dismantled the NPfIT had lost billions.

What the Institute for Government could ask now is, with the emasculation of the Government Digital Service and the absence of a powerful Francis Maude figure, what will stop government departments including the DWP making exactly the mistakes the IfG identifies on big future IT-enabled programmes?

In future somebody needs the power to say that unless there is adequate internal and external challenge this programme must STOP – even if this means contradicting a secretary of state or a permanent secretary who have too much personal and emotional equity in the project to allow it to stop. That “somebody” used to be Francis Maude. Now he has no effective replacement.


It’s also worth noting in the Timmins report that everyone seems to be a victim, including the ministers. But who are perpetrators? Timmins tries to identify them. IDS does not come out the report smelling of roses. His passion for success proved a good and bad thing.

Whether the direction was forwards or backwards IDS  was the fuel that kept Universal Credit going.  On the other hand his passion made it impossible for civil servants to give him bad news – though Timmins raises questions about whether officials would have imparted bad news to any secretary of state, given the DWP’s culture.

Neither does the DWP’s permanent secretary Robert Devereux emerge particularly well from the report.

How it is possible for things to go so badly wrong with there being nobody to blame? The irony is that the only people to have suffered are the genuine innocents – the middle and senior managers who have most contributed to Universal Credit apparent recovery – people like Terry Moran.

Perhaps the Timmins report should be required reading among all involved in future major projects. Competence cannot be made mandatory. An understanding of the common mistakes can.

Thank you to FOI campaigner Dave Orr for alerting me to the Institute’s Universal Credit reports.

Thanks also to IT projects professional John Slater – @AmateurFOI – who has kept me informed of his FOI requests for Universal Credit IT reports that the DWP habitually refuse. 

Update 18.00 6 September 2016

In a tweet today John Slater ( @AmateurFOI ) makes the important point that he asked the DWP and MPA whether either had held a “lessons learned” exercise in the light of the “reset” of the Universal Credit IT programme. The answer was no.

This perhaps reinforces the impression that the DWP is irredeemably complacent, which is not a good position from which to lead major IT projects in future.

Universal Credit – from disaster to recovery?

Learning the lessons from Universal Credit


Aspire: eight lessons from the UK’s biggest IT contract

By Tony Collins

How do you quit a £10bn IT contract in which suppliers have become limbs of your organisation?

Thanks to reports by the National Audit Office, the questioning of HMRC civil servants by the Public Accounts Committee, answers to FOI requests, and job adverts for senior HMRC posts, it’s possible to gain a rare insight into some of the sensitive commercial matters that are usually hidden when the end of a huge IT contract draws closer.

Partly because of the footnotes, the latest National Audit Office memorandum on Aspire (June 2016) has insights that make it one of the most incisive reports it has produced on the department’s IT in more than 30 years.

Soaring costs?

Aspire is the government’s biggest IT-related contract. Inland Revenue, as it was then, signed a 10-year outsourcing deal with HP (then EDS) in 1994, and transferred about 2,000 civil servants to the company. The deal was expected to cost £2bn over 10 years.

After Customs and Excise, with its Fujitsu VME-based IT estate, was merged with Inland Revenue’s in 2005, the cost of the total outsourcing deal with HP rose to about £3bn.

In 2004 most of the IT staff and HMRC’s assets transferred to Capgemini under a contract known as Aspire – Acquiring Strategic Partners for Inland Revenue. Aspire’s main subcontractors were Accenture and Fujitsu.

In subsequent years the cost of the 10-year Aspire contract shot up from about £3bn to about £8bn, yielding combined profits to Capgemini and Fujitsu of £1.2bn – more than double the £500m originally modelled. The profit margin was 15.8% compared to 12.3% originally modelled.

The National Audit Office said in a report on Aspire in 2014 that HMRC had not handled costs well. The NAO now estimates the cost of the extended (13-year) Aspire contract from 2004 to 2017 to be about £10bn.

Between April 2006 and March 2014, Aspire accounted for about 84% of HMRC’s total spending on technology.

Servers that typically cost £30,000 a year to run under Aspire – and there are about 4,000 servers at HMRC today – cost between £6,000 when run internally or as low as £4,000 a year in the commodity market.

How could the Aspire spend continue – and without a modernisation of the IT estate?

A good service

HMRC has been generally pleased with the quality of service from Aspire’s suppliers.  Major systems have run with reducing amounts of downtime, and Capgemini has helped to build many new systems.

Where things have gone wrong, HMRC appears to have been as much to blame as the suppliers, partly because development work was hit routinely by a plethora of changes to the agreed specifications.

Arguably the two biggest problems with Aspire have been cost and lack of control.  In the 10 years between 2004 and 2014 HMRC paid an average of £813m a year to Aspire’s suppliers.  And it paid above market rates, according to the National Audit Office.

By the time the Cabinet Office’s Efficiency and Reform Group announced in 2014 that it was seeking to outlaw “bloated and wasteful” contracts, especially ones over £100m, HMRC had already taken steps to end Aspire.

It decided to break up its IT systems into chunks it could manage, control and, to some extent, commoditise.

HMRC’s senior managers expected an end to Aspire by 2017. But unexpected events at the Department for Work and Pensions put paid to HMRC’s plan …

Eight lessons from Aspire

1. Your IT may not be transformed by outsourcing.  That may be the intention at the outset. But it didn’t happen when Somerset County Council outsourced IT to IBM in 2007 and it hasn’t happened in the 12 years of the Aspire contract.

 “The Aspire contract has provided stable but expensive IT systems. The contract has contributed to HMRC’s technology becoming out of date,” said the National Audit Office in its June 2016 memorandum.

Mark DearnleyAnd Mark Dearnley, HMRC’s Chief Digital Information Officer and main board member, told the Public Accounts Committee last week,

“Some of the technology we use is definitely past its best-before date.”

2. You won’t realise how little you understand your outsourced IT until you look at ending a long-term deal.

Confidently and openly answering a series of trenchant questions from MP Richard Bacon at last week’s Public Accounts Committee hearing, Dearnley said,

“It’s inevitable in any large black box outsourcing deal that there are details when you get right into it that you don’t know what’s going on. So yes, that’s what we’re learning.”

3. Suppliers may seem almost philanthropic in the run-up to a large outsourcing deal because they accept losses in the early part of a contract and make up for them in later years.

Dearnley said,

“What we are finding is that it [the break-up of Aspire] is forcing us to have much cleaner commercial conversations, not getting into some of the traditional arrangements.

” If I go away from Aspire and talk about the typical outsourcing industry of the last ten years most contracts lost money in their first few years for the supplier, and the supplier relied on making money in the later years of the contract.

“What that tended to mean was that as time moved on and you wanted to change the contract the supplier was not particularly incented to want to change it because they wanted to make their money at the end.

“What we’re focusing on is making sure the deals are clean, simple, really easy to understand, and don’t mortgage the future and that we can change as the environment evolves and the world changes.”

4. If you want deeper-than-expected costs in the later years of the contract, expect suppliers to make up the money in contract extensions.

Aspire was due originally to end in 2004. Then it went to 2017 after suppliers negotiated a three-year extension in 2007. Now completion of the exit is not planned until 2020, though some services have already been insourced and more will be over the next four years.

The National Audit Office’s June 2016 memorandum reveals how the contract extension from 2017 to 2020 came about.

HMRC had a non-binding agreement with Capgemini to exit from all Aspire services by June 2017. But HMRC had little choice but to soften this approach when Capgemini’s negotiating position was unexpectedly strengthened by IT deals being struck by other departments, particularly the Department for Work and Pensions.

Cabinet Office “red lines” said that government would not extend existing contracts without a compelling case. But the DWP found that instead of being able to exit a large hosting contract with HP in February 2015 it would have to consider a variation to the contract to enable a controlled disaggregation of services from February 2015 to February 2018.

When the DWP announced it was planning to extend its IT contract with its prime supplier HP Enterprise, HMRC was already in the process of agreeing with Capgemini the contract changes necessary to formalise their agreement to exit the Aspire deal in 2017.

“Capgemini considered that this extension, combined with other public bodies planning to extend their IT contracts, meant that the government had changed its position on extensions…

“Capgemini therefore pushed for contract extensions for some Aspire services as a condition of agreeing to other services being transferred to HMRC before the end of the Aspire contract,” said the NAO’s June 2016 memo.

5. It’s naïve to expect a large IT contract to transfer risks to the supplier (s).

At last week’s Public Accounts Committee hearing, Richard Bacon wanted to know if HMRC was taking on more risk by replacing the Aspire contract with a mixture of insourced IT and smaller commoditised contracts of no more than three years. Asked by Bacon whether HMRC is taking on more risk Dearnley replied,

“Yes and no – the risk was always ours. We had some of it backed of it backed off in contract. You can debate just how valuable contract backing off is relative to £500bn (the annual amount of tax collected).  We will never back all of that off. We are much closer and much more on top of the service, the delivery, the projects and the ownership (in the gradual replacement of Aspire).”

6. Few organisations seeking to end monolithic outsourcing deals will have the transition overseen by someone as clear-sighted as Mark Dearnley.

His plain speaking appeared to impress even the chairman of the Public Accounts Committee Meg Hillier who asked him at the end of last week’s hearing,

Meg Hillier

Meg Hillier

“And what are your plans? One of the problems we often see in this Committee is people in very senior positions such as yours moving on very quickly. You have had a stellar career in the private sector…

“We hope that those negotiations move apace, because I suspect – and it is perhaps unfair to ask Mr Dearnley to comment – that to lose someone senior at this point would not be good news, given the challenges outlined in the [NAO] Report,” asked Hillier.

Dearnley then gave a slightly embarrassed look to Jon Thomson, HMRC’s chief executive and first permanent secretary. Dearnley replied,

“Jon and I are looking at each other because you are right. Technically my contract finishes at the end of September because I was here for three years. As Jon has just arrived, it is a conversation we have just begun.”

Hiller said,

“I would hope that you are going to have that conversation.”

Richard Bacon added,

“Get your skates on, Mr Thompson; we want to keep him.”

Thompson said,

“We all share the same aspiration. We are in negotiations.”

7. Be prepared to set aside millions of pounds – in addition to the normal costs of the outsourcing – on exiting.

HMRC is setting aside a gigantic sum – £700m. Around a quarter of this, said the National Audit Office, is accounted for by optimism bias. The estimates also include costs that HMRC will only incur if certain risks materialise.

In particular, HMRC has allowed around £100m for the costs of transferring data from servers currently managed by Aspire suppliers to providers that will make use of cloud computing technology. This cost will only be incurred if a second HMRC programme – which focuses on how HMRC exploits cloud technology – is unsuccessful.

Other costs of the so-called Columbus programme to replace Aspire include the cost of buying back assets, plus staff, consultancy and legal costs.

8. Projected savings from quitting a large contract could dwarf the exit costs.

HMRC has estimated the possible minimum and possible maximum savings from replacing Aspire. Even the minimum estimated savings would more than justify the organisational time involved and the challenge of building up new corporate cultures and skills in-house while keeping new and existing services running smoothly.

By replacing Aspire and improving the way IT services are organised and delivered, HMRC expects to save – each year – about £200m net, after taking into account the possible exit costs of £700m.

The National Audit Office said most of the savings are calculated on the basis of removing supplier profit margins and overheads on services being brought in-house, and reducing margins on other services from contract changes.

Even if the savings don’t materialise as expected and costs equal savings the benefits of exiting are clear. The alternative is allowing costs to continue to soar while you allow the future of your IT to be determined by what your major suppliers can or will do within reasonable cost limits.


HMRC is leading the way for other government departments, councils, the police and other public bodies.

Dearnley’s approach of breaking IT into smaller manageable chunks that can be managed, controlled, optimised and to some extent commoditised is impressive.  On the cloud alone he is setting up an internal team of 50.

In the past, IT empires were built and retained by senior officials arguing that their systems were unique – too bespoke and complex to be broken up and treated as a commodity to be put into the cloud.

Dearnley’s evidence to the Public Accounts Committee exposes pompous justifications for the status quo as Sir Humphrey-speak.

Both Richard Feynman and Einstein said something to the effect that the more you understand a subject, the simpler you can explain it.

What Dearnley doesn’t yet understand about the HMRC systems that are still run by Capgemini he will doubtless find out about – provided his contract is renewed before September this year.

No doubt HMRC will continue to have its Parliamentary and other critics who will say that the risks of breaking up HMRC’s proven IT systems are a step too far. But the risks to the public purse of keeping the IT largely as it is are, arguably, much greater.

The Department for Work and Pensions has proved that it’s possible to innovate with the so-called digital solution for Universal Credit, without risking payments to vulnerable people.

If the agile approach to Universal Credit fails, existing benefit systems will continue, or a much more expensive waterfall development by the DWP’s major suppliers will probably be used instead.

It is possible to innovate cheaply without endangering existing tax collection and benefit systems.

Imagine the billions that could be saved if every central government department had a Dearnley on the board. HMRC has had decades of largely negative National Audit Office reports on its IT.  Is that about to change?


This morning (22 June 2016) on LinkedIn, management troubleshooter and board adviser Colin Beveridge wrote,

“Good analysis of Aspire and outsourcing challenges. I have seen too many business cases in my career, be they a case for outsourcing, provider transition or insourcing.

“The common factor in all the proposals has been the absence of strategy end of life costs. In other words, the eventual transition costs that will be incurred when the sourcing strategy itself goes end of life. Such costs are never reflected in the original business case, even though their inevitability will have an important impact on the overall integrity of the sourcing strategy business case.

“My rule of thumb is to look for the end of strategy provision in the business case, prior to transition approval. If there is no provision for the eventual sourcing strategy change, then expect to pay dearly in the end.”

June 2016 memorandum on Aspire – National Audit Office

Dearney’s evidence to the Public Accounts Committee

Can all councils open up like this please – even Barnet?

By Tony Collins

Bitten by misfortune over its outsourcing/joint venture deal with IBM, Somerset County  Council has become more open – which seemed unlikely nearly a decade ago.

In 2007 the council and IBM formed Southwest One, a joint services company owned by IBM. The deal was characterised by official secrecy. Even non-confidential financial information on the deal was off-limits.

That’s no longer the case. Humbled a little by a failure of the outsourcing deal (including a legal action launched by IBM that cost the council’s taxpayers at least £5.9m)  local officials and their lawyers don’t automatically reach for the screens when things go wrong.

In 2014 Somerset County Council published a useful report on the lessons learnt from its Southwest One contract.

The latest disclosure is a report to the council’s audit committee meeting in June. The report focuses on the poor management and lack of oversight by some of Somerset’s officers of a range of contractor contracts. The council has 800 contracts, 87 of which are worth over £1m and some worth a lot more.

Given that the Council is committed to becoming an increasingly commissioning authority, it is likely that the total value of contracts will increase in the medium term, says the audit report by the excellent South West Audit Partnership (SWAP).

SWAP put the risk of contracts not being delivered within budget as “high”, but council officers had put this risk initially at only “medium”. SWAP found that the risk of services falling below expected standards or not delivering was “high” but, at the start of the audit assessment, council officers had put the risk at only “medium”.

somerset county council2One contract costing more than £10m a year had no performance indicators that were being actively monitored, said SWAP.

None of the contracts reviewed had an up-to-date risk register to inform performance monitoring.

No corporate contract performance framework was in place for managing contracts above defined thresholds.

“Some key risks are not well managed,” says the report.

“It is acknowledged that the Council has implemented new contract procedural rules from May 2015 which post-dates the contracts reviewed in this audit; however these procedural rules contain only ‘headline’ statements relating to contract management.

“Most notable in the audit work undertaken was the lack of consistency in terms of the approach to contract management across the contracts reviewed. Whilst good practice was found to be in place in several areas, the level of and approach to management of contracts varied greatly.

“No rationale based on proportionality, value, or risk for this variation was found to be in place. The largest contract reviewed had an annual value of over £10 million but no performance indicators were currently being actively monitored.”

Report withdrawn

Soon after the report was published the council withdrew it from its website. It says the Audit Committee meeting for 3 May has been postponed until June. It’s expected that the audit report will be published (again) shortly before that meeting.

Fortunately campaigner Dave Orr downloaded the audit report before it was taken down.


How many councils manage outsourcing and other contracts as unpredictably as Somerset but keep quiet about it?

Why, for example, have Barnet’s officers and ruling councillors not made public any full audit reports on the council’s performance in managing its contracts with Capita?

It could be that councils up and down the country are not properly managing their contracts – or are leaving it to the outsourcing companies to reveal when things go wrong.

Would that regular SWAP reports were published for every council.

All public authorities have internal auditors who may well do a good job but their findings, particularly if they are critical of the management of suppliers, are usually kept confidential.

Freedom of information legislation has made councils more open generally, as has guidance the Department for Communities and Local Government issued in 2014.

But none of this has made councils such as Barnet more open about any problems on its outsourcing deals.

Indeed clear and perceptive audit reports such as the one from SWAP are rare in the world of local government.

All of which raises the question of whether one reason some councils love outsourcing is that they can pass responsibility to suppliers for things that go wrong knowing the public may never find out the full truth because secrecy is still endemic in local government.

Thank you to Dave Orr for drawing my attention to the audit report – and its (temporary) withdrawal.

Somerset Council’s (withdrawn) Audit Committee report

Southwest One – the complete story by Dave Orr

Cornwall a model of openness as outsourcing deal with BT turns sour?

By Tony Collins

Will Barnet Council ever be as open as Cornwall Council has been over the performance of its IT outsourcing supplier?

Two years ago Cornwall signed a 10-year £260m strategic “partnership” with BT. The word “partnership” seems odd now that BT has taken out an injunction against Cornwall to stop the council ending the relationship 8 years early.

The two sides will go to court in December to determine if the council has a right to terminate the contract now.

If it loses  the case, Cornwall will have to retain as its main IT services supplier a company that has been its High Court adversary. The judge may also order the council to pay BT’s legal costs.

The odds may be against Cornwall’s winning because BT has much experience in outsourcing legalities. It’s possible that its managers have been collecting evidence of  any council shortcomings from day 1 of the contract,  in case the relationship turned sour.

But independent Cornwall councillor Andrew Wallis says on his blog that BT is dragging the council to court because of BT’s own failings. The council says BT has not achieved its key performance indicators or met to its guarantees on creating new jobs.

Cornwall council logoCornwall threatened to terminate for breach of contract but did not do so while it was in talks with BT’s senior corporate executives. When an amicable termination could not be agreed BT instructed its lawyers to seek an injunction preventing the council from terminating, which they did at a hearing on 12 August.  The result was that the High Court agreed to an expedited trial that will start on 1 December 2015.

It’s all a far cry from the time two years ago, before the contract was signed, when BT and council officers were promising much, and saying little about what could go awry.

In its literature, amid beautifully-executed artwork and graphics, BT highlighted its success at South Tyneside Council, its sponsorship of events such as Comic Relief, Children in Need and Childline and its presence as one of the largest employers in the South West.

Similarly, Cornwall officers, in 2013,  wrote reassuringly about any forthcoming deal with BT. They said:

“It should also be borne in mind that strategic partnerships are nothing new. BT – and other councils – have been involved in them for more than 10 years.

“Similarly the outsourcing market is mature and well understood. The UK local government IT and Business Process Outsourcing market is the biggest outsourcing market in the world and there are over 100 deals in operation.

“Risks are sometimes managed well and sometimes managed badly. The risks have been mitigated by using expert advisors and the Council has senior officers who understand this territory well.”

A BT spokesman told Government Computing this week:

“BT has commenced legal action to ensure fair and proper handling of the issues which have arisen about BT Cornwall, and while this is taking place, it would be inappropriate for us to comment.”


How is Capita’s performance on its contract at Barnet? We don’t know. The success or otherwise of the deal is blanketed in secrecy. In May Barnet blogger Mr Reasonable offered to make a charity donation of £250 if the council showed it was making the promised savings. The money went unclaimed.

There is no evidence of any failure of Barnet’s outsourcing deal. But would the public or media ever know if the supplier’s performance was falling short of the council’s expectations?

Cornwall has many independent councillors (36 compared with the 37 ruling Liberal Democrats). Debates tend to be on the merits of the matter not on the basis of party politics.

Barnet’s policy is tied in with a political ideology: ruling councillors want to turn Barnet into a “commissioning council” which involves outsourcing as much as possible.

In  practice the bedrock of this ideology is the relationship with Capita. If it went wrong would Barnet have too much to lose to go into dispute? For the sake of its ideology would Barnet accept any quality of service Capita delivers?


In threatening BT with termination because of breaches of contract, Cornwall Council could be criticised for not letting a 10-year outsourcing bed down. It’s unusual for a strategic partnership to end up in court less than 3 years into a 10-year contract.

On the other hand BT promised to create jobs in year 1 and 2 of the contract that the council say have not materialised. Councillors and officers are unhappy about many other aspects of the deal.  BT took on about 280 full-time equivalent council employees, about 130 of whom worked in Information Services.

What’s striking about the history of outsourcing discussions at Cornwall, and the run-up to the signing of a contract, is its openness. It would be easy for BT’s defenders to say that Cornwall’s open, feisty and unforgiving attitude are factors in the strained relationships so far.

On the other hand the problems Cornwall has experienced in the first 2 years of the relationship may be normal in outsourcing deals at other councils. It’s  just that ruling councillors and officers don’t talk about them in public.

All the more credit to Cornwall for its openness.

Barnet’s outsourcing deal may be more successful than Cornwall’s – but how does anyone outside a small group at Barnet really know? Local government and democratic accountability are often uncomfortable bedfellows.

Thank you to Dave Orr who drew my attention to the latest developments at Cornwall Council. 

Cornwall Council rushes to sign BT deal before elections

Cornwall Council tries to pull the plug on BT Cornwall

BT Cornwall is not working for Cornwall as it should

Overview of BT Cornwall’s performance against commitments and guarantees – as perceived by Cornwall’s officers

KPI measures Achieved (185/289) – 64%

PI measures Achieved (266/402) – 66%

Service Transformation (percentage of plans completed) – 38%

Financial contractual baseline savings (10% & 11.6%) – 100%

Trading gain share received (est £17.4m over 10 years) – £0

Guaranteed new jobs in Cornwall (yrs 1 & 2 111 new jobs target / 35.1 created) – 32%

Committed new jobs in Cornwall (yrs 1 & 2) – 0

Some of BT’s pre-outsourcing deal literature for Cornwall’s councillors

  • BT is a FTSE 100 company
  • We are one of the largest employers in the UK and the SW
  • We currently employ > 5,900 people in the South West including 1,028 Cornwall residents
  • BT already makes a financial impact of over £749m a year in the region
  • BT spent >£145m with local suppliers in 2011/12 and will increase this substantially through the Partnership
  • We generate 142,000 fraud referrals each week for the DWP across 50 data sources from 260,000,000 records
  • We undertake c.1,000,000 criminal record checks per annum at Disclosure Scotland to safeguard vulnerable groups.
  • We provide the highly secure directory services for the 260,000 military and civilian defence staff
  • We collect circa £580,000,000 in tax revenues each year on behalf of our local authority partnerships
  • The NHS Spine platform exchanges £3.5m prescription messages per week
  • We are delivering in excess of £500,000,000 savings in partnership with six UK Councils through efficiency and transformation programmes
  • We run one of the worlds largest data warehouses to enable the timely anonymous collection of patient data and information for clinical and billing purposes other than direct patient care .
  • Yes, we do poles and wires…but did you also know in the public sector we process over 532,000 benefits assessments for new applications and change of circumstances each year in our Local Government Partnerships?

Are councillors in Somerset ignoring the wisdom of their auditors?

By Tony Collins

It’s good to see auditors in local government doing their job well  – not accepting verbal assurances and seeking proof that all is well with an outsourced system .

But what if councillors apply a lower standard – and accept verbal assurances without checking them?

A  strong report by the South West Audit Partnership [SWAP] went to councillors at Somerset County Council’s Audit Committee on 2 July 2015. The report was about problems with an outsourced system, the Adults Integrated Solution [AIS].

Although not the original supplier, IBM has provided AIS to Somerset County Council under a 10-year outsourcing contract/joint venture – Southwest One –  that was signed in 2007.

The SWAP report said limited progress has been made in implementing the AIS-related recommendations from its 2012-2013 audit report. It added that:

– AIS performance and response times could be “less than adequate for users’ needs”.

– Southwest One was unwilling to develop a service level agreement specifically for the AIS application.

– “Poor response time has led to the disabling of enhanced audit trails/logs that would make it possible to trace and attribute user activity in the system.” SWAP added that this was “worrying” given that the data involved was “sensitive and personal”.

– SWAP had been refused access to the contract between IBM and Northgate, the original supplier of AIS.

Are verbal assurances worth anything?

Having studied AIS from time to time over 2 years, and spoken to its users, SWAP’s auditors have been reluctant, on some of their concerns, to accept verbal assurances that all is well.

When they have sought documentary evidence to support assurances it hasn’t always been forthcoming.

SWAP said in its latest report:

“Verbal assurances were provided that the ToR for AIS Programme Board had been reviewed and that roles and responsibilities in relation to system ownership had been clarified. However, no evidence was provided to support these assurances.”

Now Somerset’s audit committee has done what its auditors wouldn’t do and has accepted verbal assurances that all is well with AIS.

SWAP’s auditors had expressed a multitude of concerns about AIS. But Somerset’s officers verbally assured audit committee councillors that a single upgrade had solved all the problems.

One officer, in a statement, told Dave Orr, a Somerset resident who campaigns for openness over IBM’s relationship with the council:

“I can confirm that all of the fundamental issues raised through the [SWAP] Audit Report [on AIS] have now been addressed…

“The AIS application is one of the top systems used by local authorities for social care services in the UK. The performance issues referred to in the Audit Report were resolved by a system upgrade.”


It’s difficult if not impossible to see how a single upgrade could address all the points SWAP made – such as the lack of a service level agreement to cover AIS or the refusal by IBM to supply a copy of its contract with Northgate.

Whenever auditors produce a hard-hitting report there will be 2 opposing sides: defenders of what’s being criticised and the auditors.

It is up to the auditors to cut through any dissimulation, obfuscation and prevarication to identify what’s going well, what isn’t, and what the uncertainties and risks are.

Auditors would not be doing their job if they always accepted verbal assurances at face value.

But what if auditors are undermined by councillors who readily accept verbal assurances from their officers who wish to defend the suppliers?

A supplier that doesn’t have to provide documentary evidence can say anything in defence of its systems and the quality of service.

Somerset’s councillors are lucky to have auditors as independently-minded as SWAP.

It’s unlikely that SWAP would accept at face value the Somerset officer’s suggestion that because AIS is widely used it’s unlikely to be a poor system.

This would be like Ford saying a particular Mondeo is unlikely to be at fault because thousands of people happily own one.

Every IT installation is different, even if the main software package is widely used. The hardware, network configuration, load on the network, facilities and interfaces installed will render every IT installation unique.

It’s conceivable that every council client of AIS could have a trouble-free service except Somerset.

Are the council’s audit committee councillors gullible to accept verbal assurances about the problems with AIS being solved without requiring proof?

Where does this leave the 775 users of Somerset’s AIS, many of whom may be having to do difficult work in managing vulnerable adults while trying to cope with what may be one of the UK’s worst outsourced systems?

Thank you to Dave Orr for providing information that made this post possible.

Pity the 775 users who use this outsourced council system?

SWAP report on AIS for Somerset County Council’s Audit Committee 2 July 2015

SWAP 2012-2013 audit report on AIS



Pity the 775 users who use this outsourced council system?

By Tony Collins

Adult care systems are a cinderella IT service for councils.

It’s rare for journalists to write about them, for good or ill, perhaps because they help council staff deal with vulnerable adults. Such systems help with payments to care home and hospice providers. They help staff organise facilities for adults with learning disabilities or dementia, and respite care for adults at risk of abuse.

One such system has 775 users in Somerset. It’s a “critical” application according to the county council there.  The Adults Integrated Solution was originally supplied by Northgate. The system became IBM’s responsibility under a 10-year outsourcing and joint venture, Southwest One.

The latest in a series of excellent reports on the system’s enduring problems by auditors the South West Audit Partnership goes to Somerset County Council’s Audit Committee today (2 July 2015).

How bad is bad?

The report says the system’s response times have been so poor  that audit trails and logs have been disabled. So how can IBM and the council trace and attribute user activity in the system – particularly one handling sensitive and personal data?

The report says this disabling of the audit trial and logs is “worrying”.

Auditors reported on the system’s weaknesses in their 2012/2013 audit report.  Since then there has been only “limited progress” in implementing recommendations, says today’s report.

On some of their priority recommendations, auditors say they have been unable to obtain documentary evidence to support implementation. They have received verbal assurances – but they remain concerned.

The report says that AIS performance and response times “can still be less than adequate for users’ needs” and IBM is unwilling to develop a service level agreement specifically for the AIS application.

Indeed IBM has refused to give the county council a copy of the AIS contract with Northgate and it was not made available to the South West Audit Partnership for its audit of the system.

This may prompt councillors to ask how the council can properly manage a critical application if it has no control over the system or the outsourcer.

Repeated audit reports on the problems appear to have left matters unresolved.

Below are some of the concerns of the South West Audit Partnership as mentioned in its 2012/2013 audit report. It reports today that it has received only “partial” assurances that these problems have been solved.

Applications could be unavailable a month or more

Said the South West Audit Partnership: “We have identified in previous audit reports that there is no tested IT disaster recovery strategy. This is a strategy that would be put into effect in the event the Somerset County Council data centre was unavailable for any reason. Although a contract has been signed with Adam Continuity, applications could still be unavailable for a month or even more.”

No formally-named business system owner

“As of November 2014, Helen Wakeling (AIS System Owner) has left Somerset County Council. The responsibility of AIS system ownership needs to be reassigned and formalised.”

Payments to care providers not properly checked?

“… there does not appear to be a process to ensure payments are authorised, appropriate, complete and accurate…


IBM has no contractual duty to provide a good system

“There is no contractual requirement or service level for Southwest One [IBM] to provide a platform that delivers performance and response time that is acceptable to ASC [Adult Social Care] Operations.”

Data validation?

“Data quality in AIS data is undermined by the lack of robust input validation within the AIS application.

“Client records can be created with a minimum of information. Key personal identifiers such as data of birth, NI number and NHS number do not need to be entered and this both increases the risk of duplicate records and provides less data with which to identify those that have been created…”

Is IBM hiding AIS contract from the council?

“Southwest One currently owns the contract with Northgate and would not provide SWAP with a copy. As a result SWAP [South West Audit Partnership] was not able to evaluate Northgate’s compliance with the terms of the contract including licensing requirements…”

Personal data at risk?

“It was noted that developers have access to the production environment, unmasked live production data is used by developers and vendors for testing purposes and desktops are not locked down.”

Potential for fraud?

“In addition the authorise function, a security feature available in AIS has not been implemented resulting in all authorisations occurring outside of AIS. As a result data loss, potential corruption of data, incorrect and potentially fraudulent use of the application, missed, inappropriate or additional payments, will not be identified and acted upon.”

Corrupt data?

“In spite of a recent security incident that appeared to result in some data corruption, there is no reporting in place or review of user, super user or generic user access for appropriateness.”

Can former staff still log on?

“Terminated users were identified with valid AIS access credentials. Just less than 10% of managers with access were found to be no longer employed. In addition user ids are not disabled after not being used for a period of time.”

Unattended screens?

“The time-out for the application is 1 hour. Although users typically leave the application on and lock the screen when they go out to lunch, this process is inefficient, leaving sessions unavailable for others and insecure, since the user could forget to lock their screen and allow bypass of all security.”

System security?

“We also identified in our capacity management audit that desktop lock-down is not in effect and as a result AIS data can be downloaded and copied to USB flash storage. SWAP recommended data security policies be developed and implemented …”


Dave Orr who has followed events at Somerset closely since the county council signed the Southwest One contract in 2007 has written to audit committee councillors about the AIS system.

One of his questions is how the council could have transferred a critical application to IBM without its being protected by any specific service level agreement.

Orr says: “I do not believe that an in-house IT service, with a head of IT in the direct employ of this council, would be allowed to leave these serious shortcomings in performance, audit logging and disaster recovery unaddressed.”


So much for the claims back in 2007, when the council and IBM formed Southwest One, that the services would be “beyond excellence”.

If this is the worst outsourced system in the UK where does that leave the 775 council users who no doubt are trying to do their best for the vulnerable adults in their community?

Thank you to Dave Orr for providing the information on which this article is based.

Is HMRC spending enough for help to replace £10.4bn Aspire contract?

By Tony Collins

Government Computing reports that HM Revenue and Customs is seeking a partner for a two-year contract, worth £5m to £20m, to help the department replace the Aspire deal which expires in 2017.

HMRC is leading the way for central government by seeking to move away from a 13-year monopolistic IT supply contract, Aspire, which is expected to cost £10.4bn up to 2017.

Aspire’s main supplier is Capgemini.  Fujitsu and Accenture are the main subcontractors.

HMRC says it wants its IT services to be designed around taxpayers rather than its own operations. Its plan is to give every UK taxpayer a personalised digital tax account – built on agile principles – that allows interactions in real-time.

This will require major changes in its IT,  new organisational skills and changes to existing jobs.

HMRC’s officials want to comply with the government’s policy of ending large technology contracts in favour of smaller and shorter ones.

Now the department is advertising for a partner to help prepare for the end of the Aspire contract. The partner will need to help bring about a “culture and people transformation”.

The contract will be worth £5m to £20m, the closing date for bids is 6 July, and the contract start date is 1 September.  A “supplier event” will be held next week.

But is £5m to £20m enough for HMRC to spend on help to replace a £10.4bn contract?

This is the HMRC advert:

“HMRC/CDIO [Chief Digital Information Officer, Mark Dearnley] needs an injection of strategic-level experience and capacity to support people and culture transformation.
“The successful Partner must have experience of managing large post-merger work force integrations, and the significant people and cultural issues that arise. HMRC will require the supplier to provide strategic input to the planning of this activity and for support for senior line managers in delivering it.
“HMRC/CDIO needs an injection of strategic level experience and capacity to help manage the exit from a large scale outsourced arrangement that has been in place for 20+ years.
“HMRC is dependent on its IT services to collect £505bn in tax and to administer £43bn in benefits each year. The successful supplier must have proven experience of working in a multi-supplier environment, working with internal and external legal teams and suppliers and must have a proven track record of understanding large IT business operations.
“HMRC/CDIO needs an injection of strategic level experience and capacity to help HMRC Process Re-engineer and ‘Lean’ its IT operation. HMRC/CDIO requires a Programme Management Office (PMO) to undertake the management aspects of the programme.
“It is envisaged that the Lead Transformation Partner will provide leadership of the PMO and work alongside HMRC employees. The leadership must have significant experience of working in large, dynamic, multi-faceted programmes working in organisations that are of national/international scale and importance including major transformation…”

Replacing Aspire with smaller short-term contracts will require a transfer of more than 2,000 Capgemini staff to possibly a variety of SMEs or other companies, as well as big changes in HMRC’s ageing technologies.

It would be much easier for HMRC’s executives to replace Aspire with another long-term costly contract with a major supplier but officials are committed to fundamental change.

The need for change was set out by the National Audit Office in a report “Managing and replacing the Aspire contract”  in 2014. The NAO found that Capgemini has, in general,  kept the tax systems running fairly well and successfully delivered a plethora of projects. But at a cost.

The NAO report said Aspire was “holding back innovation” in HMRC’s business operations”.

Aspire had made it difficult for HMRC to “get direction or control of its ICT; there was little flexibility to get things done with the right supplier quickly or make greater use of cross-government shared infrastructure and services”. And exclusivity clauses “prevented competition and stifled new ideas”.

Capgemini and Fujitsu made a combined profit of £1.2bn, more than double the £500m envisaged in the original business plan. Profit margins averaged 16 per cent to March 2014, also higher than the original 2004 plan.

HMRC was “overly dependent on the technical capability of the Aspire suppliers”. The NAO also found that HMRC competed only 14 contracts outside Aspire, worth £22m, or 3 per cent of Aspire’s cost.

Although generally pleased with Capgemini,  HMRC raised with Capgemini, during a contract renegotiation, several claimed contract breaches for the supplier’s performance and overall responsiveness.

When benchmarking the price of Aspire services and projects on several occasions, HMRC has found that it has often “paid above-market rates”.

HMRC did not consider that its Fujitsu-run data centres were value for money.


HMRC deserves credit for seeking to replace Aspire with smaller, short-term contracts. But is it possible that HMRC is spending far too little on help with making the switch?

HMRC doesn’t have a reputation for caution when it comes to IT-related spending.  The total cost of Aspire is expected to rise to £10.4bn by 2017 from an original expected spend of £4.1bn. [The £10.4bn includes an extra £2.3bn for a 3-year contract extension.]

Therefore a spend of £5m to £20m for help to replace Aspire seems ridiculously low given the risks of getting it wrong, the complexities, the number of staff changes involved, the changes in IT architecture, and the legal, commercial and technical capabilities required.

The risks are worth taking, for HMRC to regain full control over ICT and performance of its operations.

If all goes wrong with the replacement of Aspire, costs will continue to spiral. The Aspire contract lets both parties extend it by agreement for up to eight years. HMRC says it does not intend to extend Aspire further. But an overrun could force HMRC to negotiate an extension.

As the NAO has said, an extension would not be value for money, since there would continue to be no competitive pressure.

Campaign4Change has never before accused a government department of allocating too little for IT-related change. There’s always a first time.

Government Computing article


Cornwall Council rushes to sign BT outsourcing deal before elections

By Tony Collins

Cornwall council logoCornwall Council was a model of local democracy in the way it challenged and then rejected a large-scale outsourcing plan. Now it has gone to the other extreme.

Amid extraordinary secrecy the Council’s cabinet is rushing through plans to sign a smaller outsourcing contract with BT – a deal that will include IT – before the May council elections.

Councillors who have been given details are not allowed to discuss them. No figures are being given on the costs to the council, or the possible savings. The Council’s cabinet is not releasing information on the risks.

Councillors are being treated like children, says ThisisCornwall. Documents with details of the BT outsourcing plans have to be handed back by councillors, and cabinet papers are being printed individually with members’ names as a watermark, on every page, to guard against copying and to help identify any whistleblowers.

The council’s Single Issue Panel has a timetable for the IT outsourcing plan.

– Recommendation to Cabinet to approve release of ITT – 27 February 2013

– Evaluation of bid – March 2013

– If contract awarded, commencement of implementation work – April 2013

– Staff transfer date – July 2013

The SIP report emphasises that the timetable for signing a deal is tight. “Evidence received is that there is little room for slippage in the timetable, but that potential award of contract is achievable by the end of March 2013… It is expected that a contract could be ready to be issued as part of the ITT [invitation to tender] pack by early in the week commencing 4 March 2013.”

The SIP report concedes that the plan is “fast moving”.

In the past, the SIP group of councillors has been open and challenging in its reports on the council’s plans with BT (and CSC before the company withdrew from negotiations). Now the SIP’s latest report is vague and unchallenging. The risks are referred to in the report as a tick-box exercise. Entire paragraphs in the SIP report appear to have little meaning.

“Risk log and programme timelines are reviewed and updated on a regular basis… 

“The Council and health partners have been working on and have reached agreement on their positions in relation to commercial aspects in the contract and their expectations have been part of the dialogue with BT.”

“Previous concerns of the Panel relating to the area of new jobs have been addressed with BT in contract discussions and contract clauses have been revised to reflect this…”

It is also unclear from the SIP report why the council is outsourcing at all, only perhaps a hint that the deal will be value for money.

“The contract will be fully evaluated by the Head of Finance and her team to ensure value for money once the final bid is received. No savings have been assumed for 2013/14 budgetary purposes, although there are assumptions of savings for the indicative figures for future years,” says the SIP report.


It is a pity that Cornwall Council’s cabinet is rushing to sign a deal for which it won’t be accountable if things go wrong. In a few weeks a new council will be voted in and, if the outsourcing deal with BT ends up in a dispute or litigation, the new council will simply blame the old, as happened when Somerset County Council’s joint venture deal with IBM, Southwest One, went into dispute.

In essence, with the local elections only two months away, Cornwall Council’s cabinet has a freedom to make whatever decision it likes with impunity; and it appears to be taking that freedom to an extreme, almost to the point of sounding, in the latest SIP report, as if the council is an arms-length marketing agent of BT.

Cornwall Council’s cabinet has a mandate from the full council to move to a contract with BT. The full council has voted to “support” a deal. But that vote was a mandate to negotiate, not to sign anything BT wants to sign.

Openness has gone out of the window and BT, it seems, is no longer being rigorously  challenged – by Cornwall’s cabinet, the full council, the public or the media.

How exactly can BT guarantee jobs and make savings? We don’t know. The Cabinet isn’t saying, and its members are doing all they can to stop councillors saying.

Are BT’s promises reliant on the fact that IT is subject to constant and sometimes costly change – often unforeseen change – and that is bound to continue, at least in the form of supporting changing legislation and reorganisations?

Unforeseen changes could add unforeseen costs which the council may have to pay because IT is at the heart of business continuity.  In any dispute with the council  – and BT knows its way around the world of contested contracts – the company would have the upper hand because of its experience with litigation and the fact that the council would need undisrupted IT at a time of change and could not afford, without risk, to take the service back in-house.

We have seen how normality broke down at Mid Staffs NHS Foundation Trust amid a lack of openness and excessive defensiveness;  and we have seen, in Somerset County Council’s joint venture with IBM, Southwest One, what can happen when a contract signing is rushed.

Cornwall Council’s cabinet is doing both. It is rushing to sign a contract; and it is rushing to sign it amid excessive secrecy.

Surely Cornwall Council can do better than slip into the shadows to sign a deal with BT before the council elections in May?  If it is such a good deal, the new council will want to sign it. A new council should have the chance to do so.

For Cornwall Council to outsource now what is arguably its single most important internal resource – IT – is bad for local democracy: it is snub to anyone who holds true the idea that local councillors are accountable to local people.

Thank you to campaigner Dave Orr who drew my attention to information that made this post possible.

* Cornwall Council, by the way, has one of the best local authority websites I have seen.  If the website is a reflection of the imagination and efficiency of its IT department, Cornwall Council should be selling its IT skills to BT for a small fortune – not giving staff away.

Chief Procurement Officer quits for private sector

Tony Collins

John Collington has resigned as Government Chief Procurement Officer after little more than a year in the post.

Collington’s resignation is reported by Peter Smith of Spend Matters. Smith says that Collington is to become Chief Operating Officer of Alexander Mann Solutions, a leading “Recruitment Process Outsourcing” firm.

“We might have expected consultancy, or software, but Collington has been involved in shared services in recent months and has a track record in outsourcing from his time at Accenture and I believe even before that.

“He’s got strong operational skills which should play to the COO role …” says Smith.

“Francis Maude gave Collington a glowing testimonial, as we might expect…But then Cabinet Office have to spoil it by talking nonsense …”

The Cabinet Office said Collington has reduced overall spend on goods and services from £51bn to £45bn and spend with SMEs is estimated to have doubled to £6bn, along with a 73 per cent reduction in spend on consultancy and contingent labour.

“We accept he has helped to reduce spend but, given he has no budget of his own, it’s a bit much to say he ‘has reduced overall spend’…” says Smith.

“And as Cabinet Office themselves know very well, they have no clue whether spend with SMEs has doubled, given the robustness (or lack of) around the data …”

It appears that Collington was a believer in incremental reform. He was not a Chris Chant who spoke of the need for radical reform. Chant argued with force  that high costs, present ways of working and the dominance of a few major suppliers were unacceptable.

Collington reported to Ian Watmore who was Permanent Secretary at the Cabinet Office. Watmore has also resigned.


Nigel Smith, formerly head of the Office of Government Commerce [now subsumed into the Cabinet Office], was one the harshest critics of the way government bought goods and services.

Smith said in June 2010 that up to £220bn – nearly a third of everything government spent – was on procurement. But there were 44,000 buying organisations in the public sector which bought “roughly the same things, or similar things, in basic commodity categories” such as IT and office supplies. There were 42 professional buying organisations in public sector.

He said there was “massive duplication” of activity. We wonder how much has changed since then.

Spend Matters

Collington appointed Chief Procurement Officer

Timetable for HMRC’s work on Universal Credit is “challenging” says NAO

By Tony Collins

Today’s report of the National Audit Office on the accounts of HMRC is, perhaps diplomatically, silent on the performance of HMRC’s work so far on Universal Credit, other than to say the timetable for roll-out beginning in October next year is “challenging”.

There have been internal assessments of HMRC’s “Real Time Information” [RTI] project, on which the success of Universal Credit is dependent, but none has been published other than the “Starting Gate”.

Today’s NAO report on HMRC says the “timetable for implementation of RTI is challenging”. It adds:

“The Department for Work and Pension’s timetable to implement Universal Credit is driving the timetable to roll-out RTI. The Department for Work and Pensions requires real time PAYE information on employment and pension income to award and adjust Universal Credit.

“It is rolling out Universal Credit from October 2013 to 2017. All employers and pension providers need to be using RTI by October 2013 to meet this timetable.

“The Department met its milestone to start its RTI pilot in April 2012 with ten employers. By July 2012, it expects a further 310 employers will be using RTI. At 31 May 2012, 209 PAYE schemes covering 1.5 million individual records were using RTI.”

NAO report on HMRC’s 2011/12 accounts

HMRC still plagued by IT problems.

Time for truth on Universal Credit