OGC publishes traffic light status of Gateway reviews

The Office of Government Commerce has published the "traffic light" status and recommendations of Gateway reviews of 23 high-risk IT-related projects - three...

The Office of Government Commerce has published the "traffic light" status and recommendations of Gateway reviews of 23 high-risk IT-related projects - three years after Computer Weekly requested them.

The disclosures under the Freedom of Information Act cover projects such as the ID cards scheme and "Impact", a police intelligence system which Sir Michael Bichard recommended after an inquiry he chaired into the murders by school caretaker Ian Huntley of two 10 year-old girls.

Last month, the Information Commissioner ruled that it was in the public interest for Computer Weekly's request to be met in full - except for one high-risk IT-related project at the Home Office which was so secret it could not even be named.

Traffic light status

We had asked the OGC for the RAG - red, amber or green - status of Gateway reviews and their recommendations, as carried out on high-risk IT-based projects at the Home Office, Department for Work and Pensions and the Department of Health.

The OGC could have appealed against the ruling but did not - a possible sign of a change in culture at the OGC and within government towards more openness on the progress or otherwise of major IT projects.

In June, the OGC took the unprecedented step of releasing Gateway reviews - 31 of them - on the NHS's £12.7bn National Programme for IT (NPfIT).

Before then, the OGC had released no details about any Gateway reviews, except the names of projects and the Gate number, from zero to five.

The six main stages of a Gateway review assess projects through their lifecycle. Gateway zero reports on a project's feasibility, and five on its benefits.

Even today, though, no Gateway review at stage five has ever been published. The House of Commons' Public Accounts Committee has found that many departments and public sector organisations fail to request Gateway five reviews, even though they are mandatory.

Full reports held back

The OGC, in complying with the Information Commissioner's ruling to publish the recommendations and RAG statuses of the reviews we had requested, has decided not to release the entire reports, though it had the discretion to do so.

And the OGC has only released details of reviews which are at least three years old, which makes it difficult for potential users of the systems, MPs, the media and others to judge the progress of high-risk projects and programmes.

So the OGC's approach to openness and Gateway reviews is ambivalent: the arguments it had dreamed up against publishing recommendations and the RAG status of reviews were laboured.

It argued that it was not possible to "redact" - edit - the recommendations of reviews. The OGC told the Commissioner, "It is not the detail of [Gateway] recommendations that favours non-disclosure, but their fundamental nature. The balance of public interest is therefore in favour of complete non-disclosure."

It also told the Information Commissioner it did not want to publish Gateway reviews on high-risk projects because people may discover what projects were not being reviewed.

Of the latest Gateway information the OGC has published, much of it is worthy, professional and strikingly prosaic. "The project should confirm that it is delivering value for money," says an "amber" recommendation on a Gateway 4a review of the NPfIT electronic booking systems.

Useful information

Dull and limited as they are, the OGC's latest disclosures are welcome. If the OGC could bring itself to publish Gateway reviews which are current, and therefore relevant, it would allow scrutiny to be purposeful, rather than of historical interest only.

To its credit, the OGC has made Gateway reviews more useful than at any time since the launch of the scheme in 2000. Since April 2008 the reviews tell senior responsible owners what they really need to know: whether a project is likely to succeed or appears to be unachievable.

All the more reason for the OGC to shun Whitehall's still oppressive regime of secrecy and publish Gateway reviews while they are still up-to-date.

When knowledge of the way government works increases, the public contribution to policy making becomes more effective and broad-based; and greater openness will increase trust in the Gateway process and in the management of high-risk IT projects and programmes generally.

The FOI response to Computer Weekly in full - IT Projects blog >>

Related stories:

Government defends red light warning in ID card reviews

Publish Gateway review data, says government CIO

Make Gateway reviews public to improve success rate of government IT projects

Read more on IT risk management