Recommendations to prevent another ILA debacle should be extended
across the entire public sector.
An internal audit by the Department for Education and Skills
(DfES), and a study by Cap Gemini Ernst & Young have provided a
depressing insight into the catalogue of errors that led to the
collapse of the Government's £260m Individual Learning Account
(ILA) scheme late last year.
The many gaffes they have identified read like a litany of classic
public sector project management mistakes, and reinforce the
suspicion that, in Westminster at least, lessons are rarely, if
ever, drawn from IT failures.
Pressure to deliver the project to a tight deadline meant that the
contracting process between the DfES and Capita, the IT outsourcing
company that headed the ILA scheme, was rushed and therefore
flawed.
Insufficient staff resources were allocated to the project, and
from the outset the department failed to capture and record its
decision path, meaning that it later became difficult to trace to
their source the problems that arose.
Most damaging of all, though, was the DfES' handling of the
security implications of the scheme.
Government guidelines for security risk analysis were ignored, and
insufficient risk assessment and ongoing risk management was
carried out. The department's failure to furnish Capita with clear
IT security specifications for the ILA scheme meant that the
systems underpinning it had no structured procedures for
identifying its misuse.
The resulting system carried insufficient in-built security,
leaving it prey to unscrupulous training providers who removed
money illegally from more than 5,000 ILA accounts.
The original ILA scheme is history now, soon to be replaced by a
new - and hopefully more secure - manifestation. But the inquiry
into the scheme's collapse by the Education and Skills Select
Committee has rightly tried to seek a means of ensuring that
similar blunders do not compromise future public sector IT
projects.
The committee recommends that any fresh IT contracts drafted by the
DfES should be available to Parliament for scrutiny.
Of course they should. Independent and vigorous monitoring of
public sector IT projects is essential if they are to be
transparent, and their leaders fully accountable for their
decisions. The department has duly confirmed that it will make the
contract details of the successor to the ILA scheme available for
scrutiny.
But why limit this advance to the DfES? Public sector project
disasters have been by no means confined to the education
department. The Inland Revenue, the Passport Agency, the NHS and a
raft of other public sector bodies have experienced the pain of IT
project failure.
Surely, all IT contracts paid for with public money should be
available for scrutiny as a matter of course? Only by putting such
a policy in place, can we hope to escape the "not my
responsibility" blame-avoidance culture that permeates Whitehall.