Lessons of council's out of control project

The Audit Commission report into hard-pressed London Borough of Haringey provides an object lesson in how not to run an IT modernisation project.

The Audit Commission report into hard-pressed London Borough of Haringey provides an object lesson in how not to run an IT modernisation project.

Between Hackney in the south and Tottenham in the north is one of the poorest areas in the UK. It has crack houses in abundance, unemployment that is double the UK rate and thousands of homeless families call on the council for shelter.

But it is not all bad news in the London Borough of Haringey, at least not for the council's IT suppliers. For the authority has proved to be a beneficent sponsor of computer projects, some of which have involved some of the world's largest technology companies.

And one project at least, Technical Refresh, has the added benefit of arming IT suppliers - and users - with invaluable information on How Not to Manage an IT Project.

By the standards of computer disasters in central government, the £24.6m spent on Haringey Council's Tech Refresh scheme, as it is called, is unlikely to put it in the first tier of mismanaged projects.

But the £24.6m is more than twice the scheme's original budget of £9m; and rarely since the notorious "RISP" project was launched by Wessex Regional Health Authority in the 1990s has a public authority spent so freely with suppliers and consultants, without having adequate controls.

When the council watchdog the Audit Commission was eventually called in to investigate the Tech Refresh scheme, it found that suppliers and consultants were being paid millions of pounds without adequate controls or records. "The project leader who has left the council had day-to-day control of budgets," said the Audit Commission. "From the documents available to us, it is unclear how budgetary control was exercised."

Many of the mistakes made on Tech Refresh are the same as those made regularly by Whitehall departments: an independent evaluation of the project by consultants was interpreted as an endorsement of the project's proposals whereas it was only an assessment of the technical aspects; changes were made without independent challenge, and the approach to openness, accountability and clear reporting led the Audit Commission to say, "Escalation of problems and issues appears to have been taken in an informal way or not at all. It is not clear whether a number of these issues were hidden, ignored or just not acted upon appropriately at an early stage, or most probably a mixture of all three."

Similarly, MPs complain of problems on central government being hidden, ignored or not acted upon with the necessary degree of diligence. Since the NHS's national programme for IT was announced in 2002, doctors, IT specialists and MPs have complained - to no avail - that health officials release unrestricted amounts of good news on the project while giving away few hard facts on its problems, risks and challenges.

Within Haringey Council, general knowledge among some councillors about Tech Refresh was so scant that those whom Computer Weekly spoke to had no idea that Deloitte and Touche's auditing arm is the council's main internal auditor and its consulting operation is a major contributor to Tech Refresh, along with Northgate Information Solutions.

Nobody can be surprised that most councillors had little idea what was going on. Last year, a council report extolled Tech Refresh as a success apart from some "niggles".

"As reported last month, on capital there is potential slippage and subsequently additional costs on the Tech Refresh project," said a council report in October last year, reported on 20 December 2005.

"The roll-out of PC replacement is now well underway, and while good progress is being made some niggles are being experienced which have been highlighted in the risk monitoring process. An overspend of £0.5m is currently projected."

In January 2006 the council received the Audit Commission's report on Tech Refresh. At this point the top tier of officers and councillors ceased to refer to the project being marred by mere niggles.

"Members will see that there were a number of systematic failures in managing a programme of this size," said a paper to the council's 18 January meeting on the findings of the Audit Commission on the Tech Refresh project.

It was the first time some councillors had realised that the cost of the project had more than doubled, and that 140 change requests with a value of £7.1m had been raised. Four requests alone cost £4.7m, over which auditors could find no evidence of any discussions having taken place at project board level.

"It would be reasonable to expect changes of this magnitude to be discussed at project board level," said the Audit Commission. "But the audit trail for such discussions is lacking."

A large number of change requests - in which the customer and suppliers agree to change software, scope or specifications at extra cost - were submitted and approved retrospectively.  One example of this was a retrospective change request for £32,000 to cover the cost of running an information stall at the council's 2004 summer event.

"It is clear that the council's project leader was able to authorise a significant amount of change requests before any form of scrutiny was applied. A number of change requests do not have a business sponsor. This suggests that the level of segregation between request and authorisation was not adequate.

"A significant weakness identified in this area is that a number of change requests have been submitted and approved retrospectively. The lack of clarity around the status and control of change requests appears to have been a factor behind the cost overruns incurred by the project."

In the early stages the council did not keep only councillors and its council taxpayers in the dark. The project board lacked hard financial information on the project. Budgets were reported only in terms of days used; and when budgeted days were overspent there was no acknowledgement of the financial implications within the accompanying notes. "By September 2004, the highlight reports had ceased to provide even the information on days spent," said the Audit Commission.

Some councillors who wanted to know whether the project was within budget relied in the main on reports from the financial and performance committee, and the E-government Advisory Committee. But in the early stages of the project, reports of the advisory committee contained only a brief comment that expenditure was being contained.

In the later stages when difficulties were apparent to officers, no mention was made of the financial position of the project, said the Audit Commission.

Reports of the Financial and Performance Committee also provided inadequate information. These reports and a May 2005 briefing of the assistant chief executive "demonstrate confusion over the true picture of costs with varying levels of over and underspends being reported."

But the Audit Commission's report does not mention what many IT project management experts will see as the most worrying aspect of Tech Refresh. It is the absence of any information on the doubling of the project's original budget until long after it occurred.

The full council only had a clear view of the project's weaknesses, including the lack of controls, when the Audit Commission reported its findings last month.

One is left wondering how many other central and local public authorities are awarding work  on the basis of unrealistic estimates of costs to IT suppliers, a downplaying of risks, inadequate controls on suppliers and consultants, poor quality of reporting to elected representatives, and non-adherence to standards on good management practices such as Prince2 methodology.

The council leaders said they planned to act firmly and quickly on the commission's report. For example, they said they will "review the procedures for authorising and controlling change requests for all projects".

But there are few signs that the report of the Audit Commission has led to any deep-rooted change of direction when it comes to openness and accountability.

For example, the council's Executive Committee - a small group of Labour councillors and officers - met this month and discussed the authority's future IT infrastructure arrangements. As little has been published on the results of the meeting, Computer Weekly asked some opposition councillors, who comprise 16 of the total of 57 councillors, what the discussions of the Executive Committee were about.

They did not know - and the council declined to comment. A change in culture within the London Borough of Haringey - or central government for that matter - is a long way off, if it ever comes.

The lessons of Tech Refresh and Haringey Council

On the basis of its experience with the Tech Refresh project, the council needs to improve its procedures in a number of areas.

In particular, the council needs to:

  • ensure that budgets, in particular the revenue costs associated with large capital projects, are realistic from the outset, and subject to adequate challenge during preparation;
  • ensure that project budgets are coherent and that monitoring arrangements are robust at the day-to-day management level, with financial management roles and responsibilities clearly defined and allocated;
  • review its procedures for authorising and controlling change requests for all projects;
  • ensure that major revisions to project budget estimates are reported, reflected in formal virements and appropriately authorised. It would be appropriate for the council to review its delegated authorisation levels to ensure that adequate reporting to members is undertaken;
  • establish the costs expected to be incurred against key deliverables, and monitor these against actual costs;
  • provide for the representation of corporate finance on the project boards of major schemes;
  • consider the use of subject matter experts to challenge the design of future projects and give independent external challenge;
  • ensure that a robust project board is established with those nominated being able to commit the time and having the appropriate skills;
  • introduce a robust mechanism for quality and project assurance which is independent of the project;
  • ensure that project board reports cover project costs against budget for project staff, meetings, expenses, overtime, quality assurance staff, user testing, consultancy, hardware, software, installation, infrastructure, licences and temporary workers;
  • ensure that a clear audit trail exists for decision making within projects; and
  • consider whether a programme or project management approach is most appropriate at the outset of significant future projects.

Source: Audit Commission, Review of Project Management, Haringey London Borough Council, Audit 2005/2006

 

Audit Commission's key findings

We have identified two key areas - change management and variation orders - that have contributed to the additional costs of £10m, reflecting inadequate project specification and project management.

We concluded that there was limited evidence of:

  • regular attendance by some project board members at project board meetings, which impacted on continuity and ownership;
  • sufficiently senior project sponsorship;
  • adequate staffing resources being allocated to deliver the project;
  • robust challenge to additional costs arising during the project implementation;
  • adequate input from corporate finance to either budget setting or budgetary control;
  • clear thresholds for authorisation of variations to costs of the scheme;
  • application of appropriate budgetary control mechanisms, including provision of suitable financial information;
  • timely, transparent and accurate reporting of the project slippages and overspends; and
  • clear audit trails."

Source: Audit Commission, Review of Project Management, Haringey London Borough Council, Audit 2005/2006

Watchdog slams council

How it happened

 

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close