18th November 1994
Sir John Bourn KCB
Comptroller and Auditor General
157-197 Buckingham Palace Road
The Proper Conduct of Public Business
Dear Sir John
On 20th April 1994, w3ith the assistance of members of the Public Accounts Committee (PAC) of the House of Commons and of the Parliamentary Information Technology Committee (PITCOM), THE Institute of Data Processing Management (IDPM) organised a conference on the IT related issues raised in the PAC report "The Proper Conduct of Public Business".
In the aftermath of that event it was suggested that IDPM form a Special Interest Group on IT Procurement and Supplier Relations in the Public Sector with the initial task of agreeing "an open letter to the Comptroller and Auditor General drawing attention to existing documentation and setting out recommendations on stewardship, accountability and enforcement issues".
The attached paper summarises the consensus of opinion of that Group with regard to current good practice There are, however, serious concerns as to whether promulgating good practice really is sufficient to avoid all the problems identified by the PAC.
In particular, problems can occur because good practice is:
· not easily accessible, or not brought to the attention of those who should follow it
· not followed despite its availability
· not good enough to achieve the objectives of the project within the constraints of public policy.
Among the specific problems identified were:
· placing "personal responsibility" at too high a level of seniority so that those taking decisions are not competent to appreciate the implications of those decisions
· situations where those responsible lack the necessary competence or authority and can do little but strive honestly and conscientiously to achieve unrealistic objectives, to the best of their ability, within policy, time and budget constraints outside their control
· the propriety of changing requirements defined in an invitation to tender without reopening the bidding and delaying the project
· potential conflicts of interest for those providing advice on policy, procurement or service objectives when they may also provide subsequent implementation/delivery services.
The Group feels that current guidance may be inadequate for those faced with such problems and that there may be a need to clarify and extend current guidance with regard to good practice, stewardship and accountability. In the meantime the Group will seek to promote informed debate and, if possible, identify areas of consensus, with regard to the issues as they impact the successful and cost-effective use of IT in the public sector.
(signed) ROGER MARSHALL
Chairman, Public Procurement SIG.
The Proper Conduct of Public Business
The Conditions for IS Success in the Public Sector
1. On 20th April 1994, with the assistance of members of the Public Accounts Committee (PAC) of the House of Commons and of the Parliamentary Information Technology Committtee (PITCOM), the Institute of Data Processing Management (IDPM) organised a conference to discuss the IT related issues raised in the PAC report "The Proper Conduct of Public Business".
2. Arising from the conference, the IDPM formed a Special Interest Group (SIG) tasked with preparing a response to the PAC report. This paper is intended to be the first component of an evolving programme of action.
3. The PAC has on a number of occasions identified cases where value for money has not been obtained from the development, procurement, implementation and use of IS in the public sector. The causes have been many and varied - inappropriate requirements; failure to manage and staff programmes and projects effectively; failure to respond to change, and failure to follow accepted good practice in areas such as procurement. Problems appear to have been most evident on projects which are either large in terms of sheer scale or critical because of the nature of the business change they effect. In particular the PAC report highlighted the following failures in IS projects:-
· inadequate appraisal and failure to ensure the system meets requirements.
· inadequate reappraisal in response to changing circumstances and requirements
· non-observance of established principles of full and open competition.
· conflicts of interest arising from inappropriate relationships with private sector consultants.
THE SIG RESPONSE
4. The SIG considers that value for money can only be measured by the effectiveness with which IS is used to support and facilitate the achievement of the corporate business and service objectives of an organisation. Those objectives are usually documented by means of a formal business plan. At each stage in the life cycle of information systems it must be possible to assess performance against an agreed, clear, relevant and up-to-date plan.
5. The lifecycle stages can be broadly described as:
- Setting Direction
- Delivering Products and Services
- Managing Products and Services once delivered.
These stages are iterative rather than purely sequential. Particular factors which need to be addressed to ensure the effective delivery and use of IS at each stage are set out below. Whilst the particular PAC concerns are primarily reflected in the delivery stage, the SIG believes the other factors identified are closely related and that it is through the full prescription that best value for money is achieved.
6. The SIG would emphasise that much of the relevant advice is a restatement of good management practice. Good management practices apply to the procurement and use of information systems, just as much as to anything else. May of the recent failures were due to poor management: they had nothing to do specifically with technicalities of IT.
7. In particular, good Project Management practices should be applied to IS projects as to any other major project. The management of large projects is inherently difficult. The skill lies in subdividing them into smaller steps which are capable of being properly controlled.
8. Those responsible for policy, planning and implementation must have appropriate experience and training, including the effective management and policing of external consultants and service providers if these are to be employed.
9. Successful implementation depends on the managerial and professional competence of those responsible. Strategies should not be embarked upon unless the necessary skills and competence are known to be available.
10. Problems will occur if the planning and management of the non-IS aspects of projects (redesign of business processes, implementation, training, testing, and so on) are not integrated with IS and subject to the same disciplines.
Setting the Direction
11. The essential strategic requirements for successful Information Systems are as follows:-
· The capability of the business customer to appreciate the potential and limitations of IS.
· The development by the business customer, with support from the IS department as appropriate, of a strategy which aligns the use and sourcing of IS to the business strategy, processes and plans of the organisation.
· The maintenance of IS Strategies so that IS responds appropriately to changes in the business of the organisation and to opportunities afforded by advances in technology and evolving standards.
· The clear differentiation of the roles and responsibilities of both business customer and IS provider: the implementation of an organisational structure and skill-set which gives effect to these roles.
· The realisation of predicted business benefits from IS, by rigorous identification, tracking and management of benefits and costs.
Delivering Products and Services
12. Success at the delivery stage cannot be guaranteed. The risks can be minimised, however, if proper attention is paid to the following:
· The design of IS programmes, sub-divided into IS projects, which are inherently capable of management and control, and of being delivered at low risk.
· The ownership of programmes and projects by a responsible and competent business customer.
· The allocation of clear authority and responsibility to individuals.
· The rigorous and systematic management of programmes and projects, against defined targets expressed in terms of meeting the requirements, costs, timescale, quality and risk.
Deployment of Resources and Skills
· The analysis of the most appropriate options for service provision, for example market testing, private finance initiatives, outsourcing, and so on.
· The identification of internal skills for managing external service provision, to ensure that it is properly and legitimately harnessed.
· The selection and effective use of available system and service delivery methods and tools to promote economy, speed, accuracy, quality and maintainability.
· The confirmation that the necessary programme and project management skills and structures are in place to handle the redesign, implementation and testing of business processes as well as informal systems.
· The integration into overall programme and project management of procurement processes which are designed to achieve optimal value for money and to deliver the stated business requirements and benefits.
· The adoption of procurement policies which meet legal requirements, for example on competition, and accepted ethical standards.
· The negotiation of contracts with suppliers which offer best value for money, clearly identify respective responsibilities and obligations, provide an appropriate balance of risk and reward for each party, allow for technology and business changes, and facilitate dispute avoidance.
Implementation & Review
· The regular review of programmes and projects, to ensure not only that they are proceeding according to plan, but also that the business requirements and context have not changed.
· The responsibility of the business customer to terminate projects if a review reveals that to be the best option.
· The explicit monitoring of acceptance tests, documentation delivery and user training, with all deliverables to be complete before projects are certified as complete.
Managing Products and Services
13. Specific management issues which need to be addressed are:-
· The implementation of and management by the customer of outsourced or in-house service provision arrangements to deliver value for money and stated business objectives.
· The efficient and effective management by the provider of IS infrastructures, supporting services and suppliers to meet the requirements of the business.
· The achievement of progressive improvements of the cost of ownership of systems and their ability to cope with changes in business requirements.
· The regular review of implemented systems and services to ensure their continued strategic fit, value for money and business effectiveness.
PROMOTING GOOD PRACTICE
14. The SIG proposes that the most appropriate vehicle for tackling all of these issues is the identification, definition, promulgation and adoption of acknowledged good practice in the areas identified. This in turn depends on suitable structures and personnel existing within the organisation.
15. The SIG considers that, with notable exceptions, there is frequently a lack of commitment to good practice in the public sector and that many problems arise because of attempts to work around perceived public sector constraints.
16. Knowledge of, and commitment to, good practice guidance must be supported by suitable management structures within the organisation. It must be carried out by properly skilled and qualified staff.
17. Whilst the availability of good practice cannot, of itself, solve the problems identified, it will provide a sound framework upon which individual organisations can devise solutions and responses appropriate to their own particular business needs and circumstances.
18. The SIG contends that good practice guidance and exemplars dealing with the majority of the issues identified already exist or are in the process of production or updating. In addition there are a number of potential sources of independent advice and assistance. A list is given in the Annex, together with details of how each may be obtained It is clear that an accessible guide to the literature would be advantageous.
19. Success with IS requires:
- adherence to good practice
- appropriate structures and staffing
- clear objectives and responsibilities
- good management (both of the organisation as a whole and the IS function)
- regular monitoring against objectives and plans
- a willingness to change direction or terminate projects if appropriate.
20. The SIG urges all responsible public agencies to adopt, advocate and encourage the use of the available good practice guidance described above. For its part, the SIG will consider what further work it is appropriate for it to undertake.
THE CONDITIONS FOR IS SUCCESS IN THE PUBLIC SECTOR
SOURCES OF GUIDANCE
CCTA (The Government Centre for Information Systems) provides a range of guidance across the IS lifecycle. Topics covered include: strategic planning, benefits management, the role of the business customer, appraisal and evaluation, programme and project management, risk management, information management, systems engineering, market testing and outsourcing, procurement and contracting, supplier management and infrastructure management. Guidance is in the form of publications and management briefings.
The CCTA produce a Publications Catalogue which is a useful guide to their literature.
For a copy of the CCTA Publications Catalogue contact CCTA Corporate Marketing Group, Rosebery Court, St.Andrew's Business Park, Norwich, NR7 0HS - telephone (01603) 704930.
The Central Unit on Procurement (CUP) in HM Treasury produces a series of guidance notes (CUP Guidance) on all aspects of general purchasing and supply procedures and practices.
Contact CUP, HM Treasury, Allington Towers, Allington Street, LONDON, SW1E 538 - telephone (0171) 270 1638.
The Efficiency Unit in the Cabinet Office has produced two relevant publications "The Government's Guide to Market Testing" and "The Government's use of External Consultants".
Available from HMSO Publications Centre, PO Box 276, London,SW8 5DT - Telephone (0171) 873 0011.
The NHS Executive Information Management Group produce a range of publications tailored to the particular needs of the NHS community: this covers both general guidance on strategic planning, investment appraisal and procurement, and advice on individual issues and initiatives.
For a copy of the Publications List, contact: NHS Executive HQ, Information Management Group, Information Point, c/o Anglia and Oxford RHA, Union Lane, Chesterton, Cambridge,, CB4 1RF - telephone 01223 275350/312225.
The publications which follow below have particular relevance to local Government.
The Audit Commission had produced three relevant papers - "Acquiring IT" (Information Paper No.4), November 1990, "The Acquisition of IT - a good practice guide", August 1992, and "High Risk/High Potential: Management Handbook on IT in Local Government", May 1994.
Available from HMSO or Audit commission, Nicholson House, Lime Kiln Lane, Stoke Gifford, Bristol, BS12 6SU - telephone 01272 236757.
Also directed mainly at Local government, are publications from SOCITM (Society of Information Technology Managers); attention is drawn particularly to "The Management and Provision of IT (MAPIT) programme" (ISBN 0 118 86106 9).
SOCITM can be contacted through the Secretary, PO Box 121, Northampton, NN4 6TG - telephone 01604 236540.