The chief executive of IT services firm Capita which designed,
built and ran the computer systems for the Individual Learning
Account programme was hauled up before MPs on the all-party
education and skills select committee. Bill Goodwin reports
Senior executives of the IT outsourcing firm Capita denied
suggestions of negligence during their cross-examination by MPs on
the Commons education and skills select committee last week.
The company is under the spotlight for its role in managing and
running the Government's ill-fated £200m Individual Learning
Account (ILA) programme, which had to be closed down when evidence
emerged last year of fraud.
The dramatic collapse of the Government's flagship scheme has
raised questions about the security of the computer systems used to
administer it.
Computer Weekly revealed last month that there were virtually no
checks on the credentials of learning providers joining the ILA
programme.
Once they had access to the Web site, unscrupulous providers were
able to use the site to guess unused account numbers, each worth to
up to £200 in government subsidies. A black market in unused
account numbers developed.
The security of the ILA computer system was undermined by a
last-minute Government decision to abandon plans to accredit
training providers, Paddy Doyle, Capita's group board director told
MPs.
Plans to run checks on the individuals applying for courses were
also dropped. Capita had already designed and built the computer
systems and it was difficult to change them quickly, he said.
It proved difficult to integrate the accreditation databases into
the new ILA system. The database only held details of established
training providers and this conflicted with the Government's policy
to encourage new training providers into the scheme.
"The emphasis of the security case was very much on who had access
to the system. Once into the system it was a very open scheme,"
said Doyle. "There was a low level of security, I am very aware of
that."
With Capita's extensive experience of security gained from running
housing benefit systems, and its forthcoming contract to manage
criminal records, MPs asked why it had failed to warn the
Government about the potential security shortfalls.
"I don't think we foresaw there was going to be a problem," said
Doyle.
Capita had assumed that any abuse of the system would be picked up
in the monthly management reports it compiled for the Department
for Education & Skills (DfES).
"While we would say we are very experienced and professional, this
is an area where we can't know too much. Someone invented a new way
of breaking into the system," he said.
The select committee examined the forms learning providers and
course applicants had to complete before joining the scheme. They
were only a page long and contained few checks to distinguish the
genuine learning providers from the fraudulent firms, or real
course applicants from fictitious ones.
Surely, one MP suggested, Capita's work on other IT projects should
have given it the experience to say the forms were not good
enough.
But Doyle said Capita did not have the ultimate say over the design
of the forms. "Before we bid for the contract there was a
specification. It was not for us to sit down solely on our own and
design the forms. Our people had some say in it, but we were not
given free rein," said Doyle. "We are not in a position to define
Government policy.
"There was a balance: open and non-bureaucratic versus closed and
bureaucratic," he said. "If you want to encourage people to apply,
you don't come down and ask for birth certificates and utility
bills. It discourages people from applying."
Capita's earnings, MPs heard, were related to the number of
students passing through the scheme. When the ILA programme closed
it had 2.6 million people - the target was originally 1.6 million
applicants.
But this did not create an incentive to skimp on security, said
Doyle. "The rapid build-up of numbers gave us far more problems. We
had difficulty keeping our service levels because of those
problems."
The committee asked if Capita would accept responsibility for
making any mistake. Doyle admitted that the company should have
"shouted louder" to the department about the computer system's
security.
"We could have moved earlier to make this system more robust in the
light of the information we received," he said.
Capita did raise concerns with DfES officials during its regular
meetings with them. But, said Doyle, it might have been better to
raise the issues at a higher level with the department.
In a move that could shed unprecedented light on public-private
partnership deals, Capita agreed that it would make copies of its
contract with the DfES and the minutes of its meetings with
department officials available to MPs, provided there are no
objections from Government.
Capita's role in the ILA programme
- Ran a call centre in Coventry to process applications and
advise learners
- Processed learning provider applications from an administrative
centre in Darlington
- Developed, implemented and operated the ILA computer centre at
West Malling, Kent
- Granted access to learning providers to the ILA computer
system
- Produced management information and audit reports for the
Department for Education & Skills.
Lessons learned by Capita from ILA mess
- ILA computer and business process systems should be
reviewed
- Partnership arrangements with the Department for Education
& Skills should be formalised to ensure problems are recognised
and addressed
- Learning providers should be accredited before joining the
scheme
- The existence of people applying for training should be
verified
- Guidance should be issued to the public on the quality of
training they should expect
- Regular account statements should be sent out to enable
students to check that their accounts are not being misused
- Courses should be verified and monitored.