Series of mistakes by the Criminal Records Bureau led to failure of essential system

A report published this week reveals how a criminal checking system, although fundamentally flawed, was allowed to go live by the...

A report published this week reveals how a criminal checking system, although fundamentally flawed, was allowed to go live by the Criminal Records Bureau

The need for a radical reform of the way government manages IT projects was underlined by a report published last week by the public spending watchdog the National Audit Office.

The report highlights a series of defects in the management, planning, preparation and implementation of an IT system for the Criminal Records Bureau.

The system was designed to check the criminal background of anyone who wanted a job working with children or vulnerable adults, but its implementation in March 2002 had calamitous results: in some cases staff were recruited to positions such as care workers without a background check.

In addition, businesses incurred administrative costs in chasing lost or delayed application forms and backlogs of applications built up at the bureau. Recruitment agencies lost income as they could not supply staff, because job seekers could not take up posts until they had been cleared with the bureau.

Although the system has now stabilised, the National Audit Office said that customers have been dissatisfied with the service.

The problems occurred even though the bureau was a greenfield site, unencumbered by legacy systems or ingrained cultures. The project was managed by the Passport Service which had experience of IT disasters because of a failed implementation in 1999 of a passport system.

The fundamental mistakes highlighted in the report of the National Audit Office include:

Timescales too tight

Project implementation timescales were so tight they did not include a solid plan for a model office or pilot testing. This was not realised until three months before the system was due to go live, when it was pointed out in a gateway review by the Office of Government Commerce.

As a result of the review, the go-live date was deferred by six months until March 2002, to set up a model office and run pilot tests. The main IT supplier Capita was paid an extra £4.5m to cover the cost of additional system and pilot testing and for the six-month delay.

Constructive criticism ignored

Stakeholders issued warnings that the assumptions underpinning the project were wrong, but told the National Audit Office their warnings had been ignored.

They had questioned the proposed use of a call centre and argued that customers would prefer to apply for background checks by paper rather than phone. The Bureau went ahead with a call centre - and most applications came in by paper.

Stakeholders also questioned the bureau's planning assumption that applications would be received from individuals rather than in batches from an applicant's potential employers. The bureau went ahead and designed systems around individual applications - and many applications arrived in batches. Initially, the bureau could not cope.

One of the main bidders, E-Cres, had warned that the timescales were too short.

Beware the cheapest bid

Capita won the £400m 10-year contract with the cheapest bid. Its prices were lower than PricewaterhouseCoopers partly because of its shorter processing times. Capita worked on the assumption that 85% of job applicants would apply for checks by telephone, as suggested by the agency.

PricewaterhouseCoopers had based its bid on 40% of the applicants using paper forms. In fact, the assumptions by the bureau and Capita were wrong: four out of five applications turned out to be paper-based. By the time this was realised, data entry screens had not been designed for keying in paper forms and staff were not trained to handle paper-based applications. Also, the telephone systems did not work satisfactorily. Capita was paid an extra £1.7m to manage the unexpected bulk of paper-based applications.

Effective consultation with potential users came too late

Capita won the contract to build and run systems for the Criminal Records Bureau in August 2000, but it was not until 2001, a few months before the systems were due originally to go live, that the agency realised from its consultation with customers via roadshows that the systems and work processes might have to be redesigned to handle mostly paper rather than phone applications.

The National Audit Office said, "The business assumptions made at the start of the project and in the delivery of systems to process all types of application were key factors in the bureau's problems."

It said that "fundamental changes" were needed "when system and process design was well advanced". The report emphasised "the importance of consulting potential service users at the earliest opportunity."

The cost of problems fell in part on the taxpayer

Capita had additional costs of about £3.7m because of a failure to meet service levels and a lack of functionality in the system, for example, no web access. But in total it was paid an extra £8m for changes in requirements during the implementation phase for handling mostly paper-based applications and to cover the extra costs of testing and delays in going live.

About 220 staff had to be seconded to the agency to boost capacity and performance until the productivity of the system could be improved.

The system lacked flexibility

After the Soham murders, the government insisted that people working in schools had to be vetted before taking up their posts. However, this could not be easily handled by the system. This was because the system's design was based on applications being dealt with in date order. It was not possible to prioritise particular groups without manual sorting.

"The seconding of large numbers of staff from the Passport Service mitigated the size of the problem and hastened recovery," said the audit office.

Poor communication between the supplier and customer

Capita considered there were clear boundaries to its involvement in the project and hence it was limited in its ability to test the agency's assumptions.

The National Audit Office said, "Both parties began the development of the business processes and systems in a constructive way although the relationship came under stress as problems mounted. Matters were complicated by the lack of single operational ownership of the whole process."

Computer Weekly has cited the shambles at the bureau as one of the justifications for its call for a radical reform in the process of accountability for government IT projects.

Read more on IT risk management