Decision not to publish Gateway reviews does not bear scrutiny - and here's why

It is in the public interest to publish reviews of public sector IT projects.

Ruth Kelly, financial secretary to the Treasury, has told Parliament she will consider introducing a statutory framework, which could strengthen the accountability in IT-related projects in the public sector. This publication has called for new legislation as part of its "Shaking up Government IT" campaign. To reduce the large number of government projects that fail to deliver the anticipated benefits, we have also called for the publication of Gateway reviews, which Kelly has rejected. In the past we have set out arguments for publishing the reviews. Now we respond to the specific arguments raised by ministers and the Office of Government Commerce against publication.

"If we took confidentiality away from the discussions we would not have such open and honest negotiations." (Source: Ruth Kelly, financial secretary to the Treasury).

It is understandable that ministers and departmental heads prefer secrecy to accountability to Parliament over their discussions on IT projects. If directors of publicly quoted companies were able to choose secrecy over openness, they too would prefer not be held to account for their decisions, to never be sacked for making wrong choices and assessments, and never scrutinised by shareholders.

But shareholders need protection against directors who mislead them. So there are rules, legislation and regulators to ensure accountability and transparency. In the aftermath of the Enron debacle, corporate governance has never had a higher profile.

In the public sector there are no rules, legislation or regulators to guarantee accountability and transparency to Parliament on IT investments that will cost taxpayers hundreds of millions or even billions of pounds. MPs are usually unaware of an IT-related disaster until they are inundated with letters of complaint about a public service from their constituents.

On the occasions when Parliament is given information on IT projects by departments there is no statutory or regulatory requirement that it be accurate or timely. When MPs were repeatedly assured by ministers and civil servants that the Post Office's £1bn Pathway project was on track, they had no means of checking this information was accurate. Despite the ministerial assurances, the project collapsed.

It took six years for Parliament to learn that the government communications centre GCHQ is spending £308m on an IT programme that it had estimated would cost £41m. The fact that Customs and Excise went through a "red light" on a Gateway review was disclosed almost by accident, during a hearing of the Public Accounts Committee in December 2003.

By default bureaucracies will always prefer to hold debates in private. Parliament met in secret in the 18th century, as did the committees of local councils in the early part of the 20th century. They did so for the same reasons advanced by the Office of Government Commerce: that debate in the open could inhibit their discussions. But the advantages of openness and accountability outweigh the desire for secrecy.

An early warning from a Gateway review that the police were having trouble implementing a national crime intelligence system could have alerted MPs and Parliament to the risk of a tragedy along the lines of the Soham murders before it happened. But the problems with developing the police system were kept secret until mentioned in last month's Bichard Report.

It seems a small step to publish a summary of the reviews of teams of people whose duty is to assess whether projects costing millions of pounds are heading towards disaster.

If ministers and departmental heads ignore the recommendations of Gateway reviews they are likely to be held to account by the House of Commons' Public Accounts Committee and [public spending watchdog] the National Audit Office. (Source: OGC).

The Public Accounts Committee does not examine every major high-risk IT project, or even most of them, and it is rarely given any detailed information about the results of Gateway reviews. For example, the biggest IT project in the world, in support of the modernisation of the NHS, has been running for nearly two years and there has been no report on its progress by the audit office and no published information on the results of its Gateway reviews.

If the Public Accounts Committee is given a summary of a Gateway review, it is several years after the project began, and long after any failure has damaged the public purse or services. By then, any officials who ignored the warnings from Gateway reviews are likely to have changed jobs and so will not be required to appear before the Public Accounts Committee.

If the reviews are published, they will be so crawled over by lawyers and public relations advisers that the final report will be anodyne. (Source: Gateway reviewer).

Were departmental heads forced into publishing reviews, it is likely they would wish to put into the public domain documents that bore little resemblance to the original.

But however much they were sanitised, the publication of Gateway reviews would chip away at the mountain of secrecy over government IT projects, would recognise the principle that it is good to be transparent and would be a step towards a change in culture. Even a fragment of truth would be better than nothing. It would allow stakeholders in the project to see how it is going, and encourage their comments and buy-in at an early stage.

If it ain't broke don't fix it - reviews are improving the success rate of government projects so there is no need to change things by publishing them. (Source: OGC)

It is widely agreed that Gateway reviews are a useful innovation but there are limits to their success. An internal survey by the NHS Information Authority last year found that 50% of project and service managers were "not confident that reporting red will cause any action to happen", said the authority. Some believed that the red lights were "not appropriate".

Gateway reviews, whether carried out internally or by the OGC, result in red, amber or green lights depending on the state of the project.

Last year Peter Gershon, the then head of the OGC, said that project planning in government was sometimes "little better than something on the back of a cigarette packet". This was two years after the introduction of Gateway reviews. With the government investing more in IT, on ID cards for example, the magnitude of the risks is growing. This makes it all the more important that the information is available from Gateway reviews to enable stakeholders and Parliament to scrutinise projects, particularly in the early stages.

Publishing reviews would make them less timely and effective because by the time they are approved their influence on the project teams will have diminished. (Source: OGC)

This is a disingenuous point because the OGC knows that the published version can be agreed and released whenever it chooses. The published version will not in any way affect the timetable of the original review and report which is usually ready in about three to five days and is given directly and unaltered to a project's senior responsible owner.

But the main objection to publishing Gateway reviews is not expressly stated and is rooted in the culture of the civil service. Departments tend not to alter decisions they have already set in stone, however strong the arguments in favour of change.

It would take a rare breed of civil servant or minister to voluntarily publish documents that the department has decided should be kept secret. But the public interest requires that the OGC revisits its decision not to publish, particularly when it is remembered that billions of pounds of taxpayers' money is at risk.

' Leader, p24


What are Gateway reviews?

Initiated by the Treasury's Office of Government Commerce in 2001, Gateway reviews examine a high- or medium-risk project at key stages in its lifecycle. Independent assessors give the project a green, amber or red light at each stage. There are usually six reviews: four before the award of contracts and two after.   The reviews have a de rigueur acceptance but they are kept secret and departments do not have to adhere to their recommendations. All that the OGC can do is send a private minute to the prime minister saying that certain departments are not accepting the advice of Gateway reviews or are not acting fast enough. Departments are assured that the reviews are confidential.

Read more on IT project management