Recently in gateway reviews Category

MPs pooh-pooh happy clappy ICT strategy

| 1 Comment
| More
Happy clappy.pngMPs had fun with the government's ICT strategy at yesterday's sitting of the Public Accounts Committee. What was it, a novelty act? Some sort of new-age frippery?

It was "motherhood and apple pie", said PAC chair Margaret Hodge MP. No-one could disagree with anything in it.

But she wasn't satisfied.

"Cabinet Office didn't deliver in the past," she said. "What on earth will be different this time?"

Austin Mitchell, MP for Grimsby, said the strategy exuded good intentions. But it didn't have any heft. There were no baseline numbers and no targets on which it could be measured.

PAC is used to dealing with more substantial fair, and has on occasion got high-gauge ammunition from the National Audit Office, on which it bases its inquiries.

But the NAO report from which this PAC inquiry took its lead - February's ICT Landscape Review - was even less substantial than the Cabinet Office ICT Strategy. It was like an ambiguous coalition statement on ICT transformation for the 21st Century, re-imagined as a Peter & Jane picture book. It wasn't substantially different from the ICT strategy.

Most entertaining of all was NAO's claim that "80 per cent of central government ICT work is undertaken by 18 suppliers."

This battle cry for the coalition ICT strategy was given credence by the NAO report. But the NAO told Computer Weekly it couldn't substantiate the number.

"This statistic was based on an interview with the government," said an NAO spokesman. "It was okayed by the Cabinet Office but we don't have any audited data to back it up. It was a senior level civil servant who has since left the government."

Post-new age age

The stat actually derives from references provided by numerous reports written on the matter in recent years by the likes of Eton's Liam Maxwell, Cambridge University's Mark Thompson, and other alumni of the Cameronian Network for a Post Bureaucratic Age (NPBA), on whose work the Conservative and then coalition ICT strategy was based.

It goes back to 2004 when academics estimated 80 per cent of UK government ICT was delivered by just 5 firms. It was updated in 2009 by estimates supplied by Kable, the research firm founded by William Heath, the NPBA compadre behind Mydex, the ID assurance system favoured by the coalition to fill the hole left by ID cards.

The point, as Cabinet Office chief operating officer Ian Watmore told the Committee yesterday, is that government information on precisely who is doing what with whom for how much is poor. The Cabinet Office major projects authority was getting a grip on it. But it had, since committing to the task in August 2010, still not defined precisely what a major ICT project was.

NAO said it was trying to design a mechanism to benchmark IT spend, and presumably power hierarchies. The Office of Government Commerce, recently subsumed into the Cabinet Office, vowed to address the issue when it was founded in 1999. Ten years later, it was still asking suppliers what government had bought from them.

Post-private outsourcing

There are anyway no detractors to the smash-the-ICT-oligopoly policy. Even the major ICT suppliers have refused to tell Computer Weekly what's wrong with it.

As well they might. Hodge said 65 per cent of government ICT was delivered by the private sector. And 100,000 of 135,000 government ICT professionals were employed by private companies.

"The private sector have been the problem," she said. "We've seen a small oligopoly of providers who have ripped the government off. They've been very expensive, have delivered late and not delivered to specification."

"Your point about the oligopoly is correct," said Watmore, though he was less certain about whether they could be proven liable contractually.

Margaret Hodge.pngInsubstantial as it was, the NAO report had at least catalogued promises government had made to fix the IT problem over the years. Hodge liked the 2001, 2003 and 2008 attempts to employ more SMEs.


Watmore, who was head of ICT strategy for the last Cabinet Office just as he is for this one, reckoned this time was different.

"We are finding a way for SMEs to come in, and not just underneath some of the prime contractors, where they get smothered and we pay double margin," he said. An SME tsar, Stephen Allott, had been appointed.

Something else he had changed were Gateway Reviews, introduced in 2004 as a means of preventing expensive IT failures. They had failed. So we've now got a... what was it called? First Gate? Starting Gate? Pouting Gate?

Whatever it's called, it's been rebranded and stuck in an earlier stage of the systems lifecycle where it is hoped it will prevent "very famous politicians making big commitments", as Watmore put it, or over-selling by ICT suppliers "who will say whatever it takes" to win a £2bn contract.

And so the government would be using Agile methods, training staff, consolidating data centres and so on. It was still ultimately sacking civil servants and relying more on the private sector. The NAO will really have its work cut out when New Labour's ICT oligopoly is disbanded and the collaborative age ushers in its apparently amorphous new clique of SMEs.

Advisers foretold ID's doom

| More
The Identity Card Scheme offers a lesson in the infeasibility of IT systems held to political ransom. The cost of failure was too high for the Labour government. So the Home Office pressed on Quixotically with the system, despite never overcoming its critical weaknesses.

The picture that has emerged with the publication of last week's Independent Scheme Assurance Panel report is one of a government department hashing together on the fly a system of a size, complexity and sensitivity never before attempted. It may have been too big to fail, but it was also too much to handle.

The Home Office was obliged over the years to issue empty assurances that everything was under control and that it was addressing the repeated warnings given by ISAP. Can you handle a project of this size and complexity, asked ISAP in 2007. Yeah, 'course we can, said the Home Office - we've recruited some more executives.

In failing to deliver on those assurances, the department gave an indication of the amount of strain its IT experts must have been under. Working on a panacea project must be like happy-clapping at a cult.

The inconvenient imperfections of the ID plan were spelled out clearly in ISAP's 2007 report, compiled in the year after the Home Office cut the ribbon on the system blueprint and set their IT chumlies off on their futile quest.

After three years of development, the problems still had to be addressed. And very little of the blame could be put on the poor techies building the system. The snags were political. The fault was incompetent ministerial direction.

Writing on the wall

Data security risks identified in 2007 were never brought under control. And much else ISAP and good sense required of the ID project in 2007 was never fully addressed.

Public trust essential to the scheme was never secured. Inter-departmental differences over the accountability, funding and ownership of the cross-government system architecture were never settled. A "robust and transparent" system of data governance was never established. The system requirements were never properly defined and neither were its benefits, though both were crucial, it was and is commonly said, before the system could be properly designed.

Vital skilled staff were never recruited. A system of competent organisational governance was never established. Cross-government support was ever obtained and a cross-government standard of identity data and management was never agreed.

It was being built, against ISAP's advice and accepted wisdom, on "shifting sands". And contracts with suppliers were let, to satisfy a political timetable, despite these crucial preliminaries not being clarified.

This must have been especially awkward for the Home Office and may explain why it disbanded ISAP in 2009. No matter that the oversight panel was set up after the Home Affairs Select Committee said in 2004 that the Gateway review process (through which the Office of Government Commerce usually seeks to prevent embarrassing IT failures) couldn't be trusted to oversee a "project of this scale". Don't worry, said the Home Office, we'll set up an independent oversight board.

Had the Home Office given ISAP more credence, a lot of time and money may have been saved. The panel's first public warning put the writing on the wall: data loss will lead to a loss of public trust that, it implied, would be the project's ruin. There were real risks of data loss, it said. Something had better be done about it because people won't stand for it.

Mind bending

This was to be done with a PR exercise that would win public trust by showing how security concerns had been addressed. People would be told the system's tolerance for errors. Said system would have not only to be "robust" but also "well respected".

The problem was swept under the carpet. Civil servants were being sacked for snooping on the Customer Information System (the DWP database that was to form the biographical core of the ID system) before the scheme began. They were still being sacked after the scheme was scrapped in 2010. The DWP's precautions were shoddy, the security leaks were proving unmanageable and the DWP refused to reveal the error tolerance of the CIS. It may not even have known.

You have to wonder how the ISAP overseers felt about it all in the end. Nokia CEO John Clarke, Cranfield Professor Brian Collins, ex-First Direct Bank CEO Alan Hughes, BAA IT director Malcolm Mitchell, and ex-HSBC Bank CIO Fergie Williams: these sort of people are not used to being fobbed off.

Being from the commercial world, they are also accustomed to developing systems that rely for their success on customer choice. Paradoxically, they advised that the ID scheme would only succeed if everyone was forced to use it. This exposed the lie in Blair's ID sales patter, the come-on-you-know-you-want-it approach to civil security: everyone was going to get it anyway, whether they liked it or not.

Sad ending

"To be successful," the ISAP said, "the scheme has to become the government's (and the commercial sector's) primary means of identifying individuals and controlling updates to and use of their data."

It sounds preposterous now. Citizens no more like the Home Office watching them for their own good than foreigners like having bombs dropped on their heads for their own good.

The ID scheme gives us one other amusing paradox to ponder. From ISAP's perspective, it demonstrated how a lack of transparency in public policy and execution led inevitably to costly failure. Yet had the government come clean about the risks, it may never have won the public's support in the first place.

Transparency is the only hope we have of overcome the endemic problem of public databases being snooped.

What support people had given ID was befooled. The sands shifted so much under the ID scheme that it's hard to say what it was meant to do in the first place. Someone should nose around the Home Office with that very same question in mind. When they come across its fascistic database of identity-carded foreigners they might ponder whether it would ever have been approved either had the opening sales gambit not been ID-for-all.

Cabinet Office answers my questions on reviews of IT projects

| No Comments
| More


These are my questions and the Cabinet Office's replies on Government plans to freeze projects over £1m and review major IT-related projects and programmes.


Me: I understand that an initial review of projects between £1m-£50m will be undertaken by departments, by the end of July. Given that some departments and agencies have been defensive and self-justifying in the past, can the Cabinet Office be certain that departments will be objective when reviewing their projects?

[For instance the Department of Health has said that the NPfIT is within budget, although the original contracts were announced as being worth £6.2bn and have since increased to a cost of about £7.3bn. The Department would say that the budgets have not increased; the contracts are delivering much more than originally intended. Some may see the increase, though, as scope creep.]


IT openness is coming - Cabinet Office

| No Comments
| More


Government CIO John Suffolk and his colleagues are preparing plans for the publication of IT-related documents that have always been secret and  difficult to obtain even under the Freedom of Information Act.

The plans include the publication of:

- Gateway reviews

- Project reports of all types

- Risk registers

Business cases

- Minutes of project meetings

- Health Check reports

Tory manifesto: what about the promise to publish Gateway reviews?

| 1 Comment
| More

On the "Make IT Better" website, which is run by the Conservative Party, is a promise to publish  gateway reviews "when they are produced, and allow the public to scrutinise the value and progress of a project".

This was confirmed in my interview with Francis Maude, the Shadow Conservative Cabinet Office minister.

But the Tory promise to publish all gateway reviews in full didn't make it into the draft Conservative manifesto - nor into the Conservative Manifesto 2010 which was published yesterday.

There's not a single mention of gateway reviews in the Manifesto.

But Conservative Central Office insisted yesterday that the Party plans to publish "all gateway reviews". Its spokesman Giles Kenningham said in an email to me:

 "We will publish all gateway reviews. I don't think we can be any clearer."

Did OGC Gateway Review process let down Student Loans Company?

| No Comments
| More

             Or did Student Loans Company tell Gateway reviewers part-truths?

Today's report by the National Audit Office into the Student Loans Company's "Customer First" IT-based programme found that OGC Gateway reviewers got it badly wrong.

A Gateway review in the midst of a crisis, in July 2009, put the "delivery confidence" in the ability of the Student Loans Company to make payments by the start of term in September 2009 at "amber/green".

Yet months before that Gateway review, a crisis had begun to unfold.

Instead of confronting it, the Company appears to have taken the approach of Henry Kissinger who said, "There can't be a crisis next week. My schedule is already full."

Anatomy of an IT disaster

| More

Below are key parts of  today's Public Accounts Committee report on the C-Nomis report. Much the same could be said of other big IT-based change programmes such as the NPfIT.

Some will say plus ça change but some IT disasters are exposing near anarchy, and potentially worse, in some corners of government administration.

How not to develop a project

"We have taken evidence on cases of poor decision taking and weak project management on many occasions. The same lessons have still not been learnt, making the management by the National Offender Management Service (NOMS) of C-Nomis a prime example of how not to develop a project."

Beware US software which needs much rework for the UK

"From the outset those responsible failed to identify the modifications required to the
software to meet NOMS' needs. The Home Office assessed it as broadly meeting the needs of the prison service, but as a North American product the software needed to be adapted for UK legislation.

"In respect of probation, there was a serious failure to understand the magnitude and cost of the changes which would be needed, even though the Home Office recognised at the start that the software met only 29% of the needs of the Probation Service.  The estimated cost of developing the C-NOMIS application rose from £99m in 2005 to £254m by July 2007 due to customisation."

Did senior civil service managers bend the truth?

"The programme team running C-NOMIS reported that the programme was delivering on time and to budget, when it was not."

"In May 2005, as part of the C-NOMIS project approval process, the Home Office's
Programme and Project Management Support Unit certified the C-NOMIS project as not suffering from the eight common causes of project failure. Subsequent analysis of the underlying causes of the costs increases and delay by the National Audit Office indicated that C-NOMIS suffered from four of the eight common causes of project failure in full and three in part."
Over-optimism and the culture of good news

"Planning for the C-NOMIS project was unrealistic, in part because of an over
optimistic 'good news' culture which was not challenged with sufficient rigour by
senior management with in-depth knowledge of the business."

"The first Senior Responsible Owner and other senior people involved with C-NOMIS demonstrated a remarkable lack of insight and rigour, coupled with naivety and over-optimism."

OGC's release of Gateway review details - a good start

| No Comments
| More

OGC publishes details of 23 Gateway reviews under FOI Act

| No Comments
| More

This article on Computer Weekly's homepage reports on a decision of the Office of Government Commerce to publish the recommendations and RAG - red, amber, green - statuses of 23 Government high-risk IT projects and programmes, three years after I'd requested them.

This is the OGC's full FOI response: ogcresponse.pdf

Computer Weekly article

Learning from mistakes - the success of ex-Govt CIO Watmore

| No Comments
| More

ian watmore DIUS Expo 08 Manchester Uni.jpg  This is an editorial we have published in the print edition of Computer Weekly  

[Picture DIUSGOVUK] 

Computer Weekly is not prone to panegyric, but here we make an exception.

Ian Watmore is like a cool breeze entering a hot, stuffy room. He reached the top of his profession in the private sector, as UK managing director of international services company Accenture; he made it to the top slot for any IT expert in Government as chief CIO.

And he went further, becoming head of the No. 10 Delivery Unit and adviser to two prime ministers. It's a pity that on 1 June he left the civil service. He has taken his reforming zeal to the Football Association, as its chief executive.

The traits that mark Watmore out include his plain speaking and his lack of fear when taking sensible risks. More than that, he's open about past mistakes, analyses them, and tries to apply what he has learnt from them

Subscribe to blog feed


-- Advertisement --