Managerial and technical blunders by education department officials
and the IT outsourcing company, Capita, were key factors in the
collapse of the Government's £260m Individual Learning Account
(ILA) scheme, internal inquiries have revealed.
Rushed decisions by government officials, inadequate IT security
specifications, poor management information, and a failure to
consistently follow good practice, left the flagship scheme open to
fraud and abuse, government investigations have concluded.
The lessons learned from the failure of the scheme, which ran more
than £93m over budget before it was abandoned by ministers at the
end of last year, will have ramifications for all future public
sector IT projects.
Pressure to launch the project by September 2000, led to problems
in the contracting process between the Government and IT
outsourcing company Capita, a special internal audit by the
Department for Education and Skills (DfES), released in summary
last week shows.
The department had no business model to assess the strengths and
weaknesses of alternative policy options. It failed to keep a
record of the decisions it made, did not properly assess risks, and
under-resourced key project roles.
A separate study by management consultancy Cap Gemini Ernst &
Young, also released in summary, criticises the education
department for failing to give a clear mandate to the outsourcer to
assess the security requirements of the project or to provide
ongoing security management.
Structured mechanisms and procedures were not put in place to
identify patterns of fraud, there were no procedures to check that
security provision in the system was adequate, and no procedures to
archive log files to identify misuse of the ILA online system. The
Government did not follow its own guidelines on security risk
analysis.
Speaking in the commons, Paul Holmes, Liberal Democrat MP for
Chesterfield, accused the Government of creating "a cowboys'
charter" for unscrupulous training companies to follow.
"Capita - a company that was supposedly expert in its work - failed
to warn the DfES of the glaring scope for abuse in the scheme. It
went on to run a scheme that was widely criticised by legitimate
and experienced training providers, because of its poor complaints
system, a call centre that often could not cope with the volume of
work and computer software systems with inadequate security built
in," he said.
Unscrupulous training providers removed money from more than 5,000
ILA accounts without the students' consent, and failed to provide
training to another 1,000, government statistics reveal. More than
40 people have been arrested, and charges are being brought against
13 people.
ILA: what went wrong
Cap Gemini investigation- Department for Education and Skills (DfES) contract with Capita
gave no clear security requirements
- Government security risk analysis guidelines were not
followed
- No structured procedures to identify misuse of ILA
database
- No procedures for ongoing security testing of the system
- No procedures to archive access logs for later
analysis
DFES internal audit- Pressure to get the scheme running quickly led to contract
problems
- Lack of a business model hindered assessment of options
- DfES did not keep adequate records. It is unclear why some
decisions were made
- Unhelpful format of Capita's management information did not
allow DfES to identify abuse
- Little evidence of ongoing risk management
- Staff resourcing of contract and financial management was
inadequate
- Learning providers took advantage of ILA by increasing prices,
mis-selling and aggressive marketing.