Computer Weekly called last week for a radical shake-up in the way ministers and government departmental heads manage major IT investments. The aim is to reduce the number of project failures without stifling innovation and sensible risk-taking.
The call is a response to evidence that the lessons from past IT disasters are not being learned when departments and agencies decide to embark on projects that will cost taxpayers millions and sometimes hundreds of millions of pounds.
Parliamentary committees and public spending watchdog the National Audit Office have issued countless reports on the failures of IT projects, yet their number seems not to diminish and the amount of money spent on large and risky projects is increasing.
The Department of Health, Department for Work and Pensions and the Ministry of Defence are embarking on projects that are among the most ambitious anywhere in the world.
When the US was faced with a series of high-profile IT disasters, it decided to introduce legislation to tackle the problem. The Clinger-Cohen Act, introduced in 1996, applies to government organisations and is not aimed at the private sector or suppliers to the public sector.
The Clinger-Cohen Act
Combining the IT Management Reform Act with the Federal Acquisition Reform Act, the Clinger-Cohen Act was signed in 1996 by president Bill Clinton. It was introduced following campaigns by the then senator William Cohen, and a consultancy, the Standish Group, that highlighted the administrative chaos in departments and agencies caused, in part, by the repetition of mistakes in acquiring IT and managing large projects.
In publishing the facts and principles that have led to the passing of the act the US government has been outspoken, contrite and revelatory. Nothing at all similar has ever been said by any UK government about its IT projects.
The US government, in passing the act, has set out the background: that information systems are critical to the lives of every citizen; that the efficiency and effectiveness of the government is dependent upon the effective use of information; and that the government spends billions of dollars every year operating obsolete information systems.
It also accepts that the failure to modernise systems and the operations they support, despite efforts to do so, has resulted in the waste of billions of dollars that cannot be recovered; that despite some improvements, most agencies cannot track how they spend their money and thus, expose the taxpayers to billions of dollars in waste, fraud, abuse and mismanagement; and that poor planning and project management, and an overburdened acquisition process, have resulted in "taxpayers not getting their money's worth from the expenditure of $200bn on information systems during the decade preceding the enactment of this act".
Principles underpinning the act were also that the "government's investment control processes focus too late in the system lifecycle, lack sound capital planning, and pay inadequate attention to business process improvement, performance measurement, project milestones, or benchmarks against comparable organisations".
To tackle the problems the legislation seeks to:
- Transform the process-oriented buying of IT into a "results-oriented procurement system"
- Increase the responsibility and authority of top officials, and their accountability to Congress and the public over the use of information technology and other information resources in support of agency missions
- Ensure that agencies are responsible and accountable for achieving service delivery levels and project management performance comparable to the best in the private sector
- Reduce fraud, waste, abuse, and errors resulting from a lack of, or poor implementation of, government information systems.
Many of the clauses in the Clinger-Cohen Act place a duty on departments to apply fundamental and agreed principles of good practice. Among the chief reforms is the insistence on the appointment of a chief information officer in each agency who has a duty to promote the effective and efficient design and operation of all major information resources management processes.
Although the UK government has some chief information officers few, if any, have powers similar to those given to their UScounterparts by the Clinger-Cohen Act.
For example, Clinger-Cohen requires chief information officers in the US to have information resources management duties as their primary duty and they must advise the head of the agency about whether to continue, modify, or terminate a project. In the UK these decisions taken at a ministerial level.
The US chief information officer must also ensure that the agency is accountable for the success, or otherwise, of the project and, if necessary, revise mission-related processes and administrative processes of the executive agency.
But in the UK's £2.3bn national programme for IT in the NHS, for example, the responsibility for revising working practices in line with the new systems is split between the national programme office, the Department of Health's modernisation agency and the programme's IT suppliers
In the US the head of an executive agency must identify "any major information technology acquisition program, or any phase or increment of such a program that has significantly deviated from the cost, performance, or schedule goals established for the program". In the UK deviations from programme are usually only reported years afterwards when a report of the NAO is published.
Before a US pilot programme may be conducted the project's administrator must submit to Congress a detailed test plan, including a detailed description of the procedures to be used and a list of any regulations that are to be waived. There is nothing in UK regulations like this.
How well has the act worked?
Tom Sisti, vice-president of consultancy Input, is a lawyer who has helped to draft US legislation that reforms procurement practices.
He said the Clinger-Cohen Act was much needed. It has led, for example, to much more open dialogue between suppliers and customers, he said, putting an end to a belief among public servants that they could not discuss matters openly with suppliers before awarding a contract.
"It has led to robust competitions and with everyone singing from the same hymn sheet," he added.
The act provides for suppliers to issue a protest if they feel a bid is too restrictive, which can lead to a bid being vetted independently.
Jim Johnson, chairman of the US-based Standish Group, whose reports on government IT failures provided evidence on which Cohen campaigned for the introduction of the act, said the law has led to improvements. "It makes people think about the legislation when they acquire and manage projects," he said.
Specifically, he said the act makes agencies measure the performance of their IT systems. But he said its effectiveness has been limited by the government's lack of willingness to enforce it. "If you don't prosecute people who rob a bank you cannot expect them to have a fear of the law," he said. He added that if success in IT projects could be measured as a mile-long journey, the Clinger-Cohen Act had taken departments and agencies a quarter of a mile along the road.
Johnson said the US would benefit from adopting UK-style Gateway reviews, in which independent specialists assess projects at every major stage, but he said they would need to be published.
"You cannot have accountability without visibility," he said. A fear of being fined or fired would help to focus the minds of key officials on complying with legislation, he said.
A report on the impact of US IT-related legislation, including the Clinger-Cohen Act, was published in January this year by the General Accounting Office. In 148 pages it said the act "imposed much-needed discipline in acquiring and managing technology resources", but found that compliance was patchy.
Clearly specialists in the US believe that the legislation has led to improvements. Computer Weekly believes that UK legislation which builds on the strengths of US laws and addresses its weaknesses, coupled with publication of Gateway reviews, would reduce the number of IT-related project failures.