It is time to enforce existing best practice, not produce more unnecessary guidelines

Radical reform required to introduce project management accountability.

Radical reform required to introduce project management accountability.

Radical recommendations aimed at improving the success rate of central government IT projects were made by Computer Weekly last week in written submissions to a Parliamentary committee, which is investigating IT best practice.

This publication has advised the government to enforce compliance with best practice by introducing legislation, and to strengthen accountability by publishing Gateway reviews of major government projects.

Computer Weekly has also drawn Parliament's attention to the occasional abuse by government departments of the phrase "commercially confidential". Although many documents need to be confidential, Computer Weekly has provided evidence of documents being unnecessarily categorised in this manner.

An investigation into IT best practice by the Commons Work and Pensions subcommittee - to which Computer Weekly has made an 11-page submission - began last November and continues into March. Our submission, which will be supported by oral evidence on 23 February, has been prompted by evidence that fundamental mistakes were still being made by central government departments despite volumes of guidance on best practice.

The submission to the committee contends that the overriding need was not for more guidance on best practice but adherence to existing best practice - even when during projects departments come under considerable political pressure to go live with new systems.

Only last week a report by the National Audit Office on the Criminal Records Bureau highlighted a series of defects in the planning of a system to provide checks on the background of job applicants whose work could entail contact with children or vulnerable adults.

To help prevent further similar disasters, Computer Weekly's submission to the work and pensions subcommittee suggests three things in particular:

  • That the UK needs best practice to be enshrined in law, as in the US Clinger-Cohen Act.
  • That independent Gateway reviews by the Office of Government Commerce into the progress of projects be published.
  • That the committee review our evidence for contending that the phrase "commercial confidentiality" can, on occasions, be used by central government departments to categorise documents as confidential when they do not need to be.

The case for enshrining best practice in law

Central government departments have the benefit of volumes of guidance on best practice. It is also the case that ministers and accounting officers have some mandatory responsibilities in respect of mission-critical projects, but, in Computer Weekly's view, this is not always an effective mechanism for ensuring adherence to best practice.

Legislation that imposes a statutory duty on departments to follow best practice will be more effective. The US Clinger-Cohen Act, otherwise known as the IT Management Reform Act, sets out the key requirements for good project management, including cost benefit analyses, investment reviews, performance measures, comprehensive planning, and programme reviews.

More specifically, the Act, which became effective in the US on 8 August 1996, sets out to ensure that out-of-date, ineffective, or inefficient procedures and work processes are not automated. The Act is not perfect, but it has provided a solid statutory foundation for adherence to best practice. The Bush administration is said to have ramped up its use of the Clinger-Cohen Act.

Computer Weekly's submission states that UK ministerial responsibilities on major projects are not always as clearly defined as they could be, and there appears to be no clear mechanisms for allowing independent scrutiny by Parliament of whether the responsibilities have been met.

Gateway reviews by the Office of Government Commerce, part of the Treasury, have succeeded in making departments more aware of the risks of complex software-led projects, and there is evidence that the reviews have, in some instances, helped departments prevent a project failure. But the reviews are not a sure-fire way of stopping inadequate systems going live. Gateway reviews of new systems to support tax credits and the checking of criminal records gave the schemes approval to go live, which they did with calamitous results.

The case for publishing independent Gateway reviews

Computer Weekly's evidence to the work and pensions committee says that this publication understands why departments and Gateway reviewers would not wish the results of their assessments of public sector IT projects to be published. Computer Weekly believes, however, that the advantages in publishing them outweigh the desire in officialdom not to publish them.

As part of its submission, Computer Weekly cited a report into a problematic IT project at National Air Traffic Services. The report by consultancy Arthur D Little was written during the pre-implementation stages of the project. It disclosed important organisational, managerial and cultural weaknesses and recommended some fundamental reforms.

The recommendations in the report were acted on, and it was possible for outsiders, including the media and staff, to ask the organisation what actions it had taken. Computer Weekly believes that this is public sector accountability at its best.

Initially, however, National Air Traffic Services had strongly opposed the independent audit, although it was commissioned anyway at the request of the Transport Committee.

One reason that Gateway reviews are not published is that some officials believe it would compromise the advice given if reviewers thought their concerns would be made public. Computer Weekly believes that this is shown to be nonsense by the Arthur D Little report, which was full and frank in its disclosures.

This publication has every reason to believe that if Arthur D Little was asked again to conduct a thorough analysis of the management of a large IT project, knowing it would be made public, it would act with the same professionalism and courage it displayed when assessing the New En Route project at National Air Traffic Services.

If Gateway reviewers believe the quality and rigour of their advice and work would suffer if their reviews were published, Computer Weekly would question whether they are too culturally close to those they are reviewing and therefore perhaps not be sufficiently independent and objective to reach the tough conclusions that Gateway reviews sometimes demand.

If Gateway reviewers know their assessment would be made public, it could act as a counter-balancing force to departmental or political pressure to go live with an inadequately tested system.

With Gateway reviews operating in an environment of secrecy, and without any Parliamentary scrutiny until the National Audit Office publishes limited details of a review, sometimes months or years later, we believe there may be insufficient incentive for reviewers to always reach the necessary courageous recommendations, perhaps to halt a failing project indefinitely.

Paul Goodman, an MP on the House of Commons work and pensions select committee, is giving his support to the idea of a UK adaptation of the US Clinger-Cohen Act if it was found that adherence to best practice would prevent further IT disasters.

He also supports Computer Weekly's recommendation for Gateway reviews to be published. He says that if the Gateway review that preceded the introduction of tax credits had been published, it might have prevented the problems that followed.

Read more on IT project management