US act makes CIOs publicly accountable for implementing best
practice.
Computer Weekly called last week for a radical shake-up in the way
ministers and government departmental heads manage major IT
investments. The aim is to reduce the number of project failures
without stifling innovation and sensible risk-taking.
The call is a response to evidence that the lessons from past IT
disasters are not being learned when departments and agencies
decide to embark on projects that will cost taxpayers millions and
sometimes hundreds of millions of pounds.
Parliamentary committees and public spending watchdog the National
Audit Office have issued countless reports on the failures of IT
projects, yet their number seems not to diminish and the amount of
money spent on large and risky projects is increasing.
The Department of Health, Department for Work and Pensions and the
Ministry of Defence are embarking on projects that are among the
most ambitious anywhere in the world.
When the US was faced with a series of high-profile IT disasters,
it decided to introduce legislation to tackle the problem. The
Clinger-Cohen Act, introduced in 1996, applies to government
organisations and is not aimed at the private sector or suppliers
to the public sector.
The Clinger-Cohen Act
Combining the IT Management Reform Act with the Federal Acquisition
Reform Act, the Clinger-Cohen Act was signed in 1996 by president
Bill Clinton. It was introduced following campaigns by the then
senator William Cohen, and a consultancy, the Standish Group, that
highlighted the administrative chaos in departments and agencies
caused, in part, by the repetition of mistakes in acquiring IT and
managing large projects.
In publishing the facts and principles that have led to the passing
of the act the US government has been outspoken, contrite and
revelatory. Nothing at all similar has ever been said by any UK
government about its IT projects.
The US government, in passing the act, has set out the background:
that information systems are critical to the lives of every
citizen; that the efficiency and effectiveness of the government is
dependent upon the effective use of information; and that the
government spends billions of dollars every year operating obsolete
information systems.
It also accepts that the failure to modernise systems and the
operations they support, despite efforts to do so, has resulted in
the waste of billions of dollars that cannot be recovered; that
despite some improvements, most agencies cannot track how they
spend their money and thus, expose the taxpayers to billions of
dollars in waste, fraud, abuse and mismanagement; and that poor
planning and project management, and an overburdened acquisition
process, have resulted in "taxpayers not getting their money's
worth from the expenditure of $200bn on information systems during
the decade preceding the enactment of this act".
Principles underpinning the act were also that the "government's
investment control processes focus too late in the system
lifecycle, lack sound capital planning, and pay inadequate
attention to business process improvement, performance measurement,
project milestones, or benchmarks against comparable
organisations".
To tackle the problems the legislation seeks to:
- Transform the process-oriented buying of IT into a
"results-oriented procurement system"
- Increase the responsibility and authority of top officials, and
their accountability to Congress and the public over the use of
information technology and other information resources in support
of agency missions
- Ensure that agencies are responsible and accountable for
achieving service delivery levels and project management
performance comparable to the best in the private sector
- Reduce fraud, waste, abuse, and errors resulting from a lack
of, or poor implementation of, government information
systems.
Many of the clauses in the Clinger-Cohen Act place a duty on
departments to apply fundamental and agreed principles of good
practice. Among the chief reforms is the insistence on the
appointment of a chief information officer in each agency who has a
duty to promote the effective and efficient design and operation of
all major information resources management processes.
Although the UK government has some chief information officers few,
if any, have powers similar to those given to their UScounterparts
by the Clinger-Cohen Act.
For example, Clinger-Cohen requires chief information officers in
the US to have information resources management duties as their
primary duty and they must advise the head of the agency about
whether to continue, modify, or terminate a project. In the UK
these decisions taken at a ministerial level.
The US chief information officer must also ensure that the agency
is accountable for the success, or otherwise, of the project and,
if necessary, revise mission-related processes and administrative
processes of the executive agency.
But in the UK's £2.3bn national programme for IT in the NHS, for
example, the responsibility for revising working practices in line
with the new systems is split between the national programme
office, the Department of Health's modernisation agency and the
programme's IT suppliers
In the US the head of an executive agency must identify "any major
information technology acquisition program, or any phase or
increment of such a program that has significantly deviated from
the cost, performance, or schedule goals established for the
program". In the UK deviations from programme are usually only
reported years afterwards when a report of the NAO is
published.
Before a US pilot programme may be conducted the project's
administrator must submit to Congress a detailed test plan,
including a detailed description of the procedures to be used and a
list of any regulations that are to be waived. There is nothing in
UK regulations like this.
How well has the act worked?
Tom Sisti, vice-president of consultancy Input, is a lawyer who
has helped to draft US legislation that reforms procurement
practices.
He said the Clinger-Cohen Act was much needed. It has led, for
example, to much more open dialogue between suppliers and
customers, he said, putting an end to a belief among public
servants that they could not discuss matters openly with suppliers
before awarding a contract.
"It has led to robust competitions and with everyone singing
from the same hymn sheet," he added.
The act provides for suppliers to issue a protest if they feel a
bid is too restrictive, which can lead to a bid being vetted
independently.
Jim Johnson, chairman of the US-based Standish Group, whose
reports on government IT failures provided evidence on which Cohen
campaigned for the introduction of the act, said the law has led to
improvements. "It makes people think about the legislation when
they acquire and manage projects," he said.
Specifically, he said the act makes agencies measure the
performance of their IT systems. But he said its effectiveness has
been limited by the government's lack of willingness to enforce it.
"If you don't prosecute people who rob a bank you cannot expect
them to have a fear of the law," he said. He added that if success
in IT projects could be measured as a mile-long journey, the
Clinger-Cohen Act had taken departments and agencies a quarter of a
mile along the road.
Johnson said the US would benefit from adopting UK-style Gateway
reviews, in which independent specialists assess projects at every
major stage, but he said they would need to be published.
"You cannot have accountability without visibility," he said. A
fear of being fined or fired would help to focus the minds of key
officials on complying with legislation, he said.
A report on the impact of US IT-related legislation, including
the Clinger-Cohen Act, was published in January this year by the
General Accounting Office. In 148 pages it said the act "imposed
much-needed discipline in acquiring and managing technology
resources", but found that compliance was patchy.
Clearly specialists in the US believe that the legislation has
led to improvements. Computer Weekly believes that UK legislation
which builds on the strengths of US laws and addresses its
weaknesses, coupled with publication of Gateway reviews, would
reduce the number of IT-related project failures.