Cabinet office minister Pat McFadden said in a speech in January 2007: “If things go wrong with government IT we should hold our hands up, fix the problem or learn the lessons.”
But nobody does. The opposite is more likely.
Investigations of the causes of large dozens of large IT-related failures show that organisations tend to react to crises in similar ways: they try to cover up.
But a corporate antithesis to criticism, and a welcoming of positive comments only, or even affected optimism, can be an early warning of an IT disaster.
When a new IT head joined the Performing Right Society he was asked by some of his staff not to report to his board that there were serious problems with a new system, the Performing Right OnLine Membership System. The technology was supposed to help ensure that musicians were paid royalties when their music was played in public.
The new IT manager decided anyway to report the problems to the board and the two-year old project was cancelled. It failed in part because the project team had put their efforts into sorting out specific technical problems and nobody in authority had taken an objective overview of the general health of the project. So it went unnoticed, or those involved had deceived themselves into not noticing, that the project could never work as originally conceived and designed.
In the private and public sectors secrecy and cover-up are part of the DNA of the public sector, but it’s more generally injurious in the public sector – which is a pity because hiding the specific lessons from mistakes debases the work of thousands of IT staff in the public sector who are helping to keep running smoothly hundreds of complex systems in what are often difficult circumstances.
It takes only a small number of cover-ups over major failures to sustain the impression among MPs, taxpayers and the media that government IT and incompetence are synonymous. Yet the cover-ups continue.
Computer Weekly’s requests under the Freedom of Information Act for details of particular IT projects involving the Department of Work and Pensions, the Treasury’s Office of Government Commerce, which oversees IT projects in central government, the Department of Health and the Cabinet Office have been rejected emphatically.
The Office of Government of Commerce, for example, is spending tens of thousands of public money on legal fees to fight a decision of the Information Commissioner that the results of “gateway reviews” on ID cards be published.
Gateway reviews are independent assessments of IT-based projects and programmes at various stages in their lifecycles. Much information is published on web on the results of particular gateway reviews. But still some officials at the OGC seem to enjoy arguing against their publication. There are others within the OGC who would prefer to be open about mistakes made on government IT projects and programmes but their organisation’s culture, and that of Whitehall generally, requires that openness is seen as an evil spirit that visits sleepers during a nightmare.
Whitehall officials prefer to publish reports which praise everything to do with IT, though few lessons will be learned from running commentaries from the observation tower at Heathrow airport on the safe landing of planes.
So it is refreshing to note that the Identity and Passport Service is being open about the lessons and mistakes from its key IT projects.
In response to Computer Weekly’s campaign for more openness and honesty over IT-based projects, the Identity and Passport Service has published a report on the lessons from its three main IT projects implemented last year, including the failure of its Electronic Passport Application [EPA2] system.
If all organisations – including those in the private sector – followed with conviction the lead of the Passport and Identity Service, it would help to dissipate the mystique over IT project management.
More importantly a genuine openness and honesty in reporting how and why specific projects have gone wrong would go a long way to making directors (or ministers) more accountable for failures.
While there is secrecy, they can take comfort in the run-up to an IT-related failure that the full facts will probably not emerge. If they know the truth will be told, they may do more in future to avoid an IT disaster.
This is a fuller version of a comment that has appeared in Computer Weekly and Computer Weekly online – here.