Ruth Kelly, financial secretary to the Treasury, has told
Parliament she will consider introducing a statutory framework,
which could strengthen the accountability in IT-related projects in
the public sector. This publication has called for new legislation
as part of its "Shaking up Government IT" campaign. To reduce the
large number of government projects that fail to deliver the
anticipated benefits, we have also called for the publication of
Gateway reviews, which Kelly has rejected. In the past we have set
out arguments for publishing the reviews. Now we respond to the
specific arguments raised by ministers and the Office of Government
Commerce against publication.
"If we took confidentiality away from the discussions
we would not have such open and honest negotiations." (Source: Ruth
Kelly, financial secretary to the
Treasury).
It is understandable that ministers and departmental heads prefer
secrecy to accountability to Parliament over their discussions on
IT projects. If directors of publicly quoted companies were able to
choose secrecy over openness, they too would prefer not be held to
account for their decisions, to never be sacked for making wrong
choices and assessments, and never scrutinised by
shareholders.
But shareholders need protection against directors who mislead
them. So there are rules, legislation and regulators to ensure
accountability and transparency. In the aftermath of the Enron
debacle, corporate governance has never had a higher profile.
In the public sector there are no rules, legislation or regulators
to guarantee accountability and transparency to Parliament on IT
investments that will cost taxpayers hundreds of millions or even
billions of pounds. MPs are usually unaware of an IT-related
disaster until they are inundated with letters of complaint about a
public service from their constituents.
On the occasions when Parliament is given information on IT
projects by departments there is no statutory or regulatory
requirement that it be accurate or timely. When MPs were repeatedly
assured by ministers and civil servants that the Post Office's £1bn
Pathway project was on track, they had no means of checking this
information was accurate. Despite the ministerial assurances, the
project collapsed.
It took six years for Parliament to learn that the government
communications centre GCHQ is spending £308m on an IT programme
that it had estimated would cost £41m. The fact that Customs and
Excise went through a "red light" on a Gateway review was disclosed
almost by accident, during a hearing of the Public Accounts
Committee in December 2003.
By default bureaucracies will always prefer to hold debates in
private. Parliament met in secret in the 18th century, as did the
committees of local councils in the early part of the 20th century.
They did so for the same reasons advanced by the Office of
Government Commerce: that debate in the open could inhibit their
discussions. But the advantages of openness and accountability
outweigh the desire for secrecy.
An early warning from a Gateway review that the police were having
trouble implementing a national crime intelligence system could
have alerted MPs and Parliament to the risk of a tragedy along the
lines of the Soham murders before it happened. But the problems
with developing the police system were kept secret until mentioned
in last month's Bichard Report.
It seems a small step to publish a summary of the reviews of teams
of people whose duty is to assess whether projects costing millions
of pounds are heading towards disaster.
If ministers and departmental heads ignore the
recommendations of Gateway reviews they are likely to be held to
account by the House of Commons' Public Accounts Committee and
[public spending watchdog] the National Audit Office. (Source:
OGC).
The Public Accounts Committee does not examine every major
high-risk IT project, or even most of them, and it is rarely given
any detailed information about the results of Gateway reviews. For
example, the biggest IT project in the world, in support of the
modernisation of the NHS, has been running for nearly two years and
there has been no report on its progress by the audit office and no
published information on the results of its Gateway reviews.
If the Public Accounts Committee is given a summary of a Gateway
review, it is several years after the project began, and long after
any failure has damaged the public purse or services. By then, any
officials who ignored the warnings from Gateway reviews are likely
to have changed jobs and so will not be required to appear before
the Public Accounts Committee.
If the reviews are published, they will be so crawled
over by lawyers and public relations advisers that the final report
will be anodyne. (Source: Gateway
reviewer).
Were departmental heads forced into publishing reviews, it is
likely they would wish to put into the public domain documents that
bore little resemblance to the original.
But however much they were sanitised, the publication of Gateway
reviews would chip away at the mountain of secrecy over government
IT projects, would recognise the principle that it is good to be
transparent and would be a step towards a change in culture. Even a
fragment of truth would be better than nothing. It would allow
stakeholders in the project to see how it is going, and encourage
their comments and buy-in at an early stage.
If it ain't broke don't fix it - reviews are improving the success
rate of government projects so there is no need to change things by
publishing them. (Source: OGC)
It is widely agreed that Gateway reviews are a useful innovation
but there are limits to their success. An internal survey by the
NHS Information Authority last year found that 50% of project and
service managers were "not confident that reporting red will cause
any action to happen", said the authority. Some believed that the
red lights were "not appropriate".
Gateway reviews, whether carried out internally or by the OGC,
result in red, amber or green lights depending on the state of the
project.
Last year Peter Gershon, the then head of the OGC, said that
project planning in government was sometimes "little better than
something on the back of a cigarette packet". This was two years
after the introduction of Gateway reviews. With the government
investing more in IT, on ID cards for example, the magnitude of the
risks is growing. This makes it all the more important that the
information is available from Gateway reviews to enable
stakeholders and Parliament to scrutinise projects, particularly in
the early stages.
Publishing reviews would make them less timely and
effective because by the time they are approved their influence on
the project teams will have diminished. (Source:
OGC)
This is a disingenuous point because the OGC knows that the
published version can be agreed and released whenever it chooses.
The published version will not in any way affect the timetable of
the original review and report which is usually ready in about
three to five days and is given directly and unaltered to a
project's senior responsible owner.
But the main objection to publishing Gateway reviews is not
expressly stated and is rooted in the culture of the civil service.
Departments tend not to alter decisions they have already set in
stone, however strong the arguments in favour of change.
It would take a rare breed of civil servant or minister to
voluntarily publish documents that the department has decided
should be kept secret. But the public interest requires that the
OGC revisits its decision not to publish, particularly when it is
remembered that billions of pounds of taxpayers' money is at
risk.
' Leader, p24
What are Gateway reviews?
Initiated by the Treasury's Office of Government Commerce in
2001, Gateway reviews examine a high- or medium-risk project at key
stages in its lifecycle. Independent assessors give the project a
green, amber or red light at each stage. There are usually six
reviews: four before the award of contracts and two after. The
reviews have a de rigueur acceptance but they are kept secret and
departments do not have to adhere to their recommendations. All
that the OGC can do is send a private minute to the prime minister
saying that certain departments are not accepting the advice of
Gateway reviews or are not acting fast enough. Departments are
assured that the reviews are confidential.