Many IT managers will be familiar with the term "Gateway review", which refers to a review of a specific central government IT project that involves acquiring or procuring technology. But do you know who actually runs them, how they work, or how useful they are?
A Gateway review is essentially a way to ensure that a high-risk government IT project is on track and being run in an efficient and cost-effective way.
Computer Weekly has campaigned for the results of Gateway reviews to be published, and last week reported that the Information Tribunal has ruled that Gateway reviews into public sector IT projects should not be automatically exempt from disclosure under the Freedom of Information Act, despite strong objections from ministers and civil servants.
The decision could lead to the disclosure of previously confidential reports into the progress and problems associated with a wide range of government IT programmes, including troubled projects at the NHS and Child Support Agency.
The review process is managed by the Treasury's Office of Government Commerce (OGC), which is responsible for improving the efficiency and effectiveness of government procurement projects. But the review itself is carried out by a team of experienced people selected by the OGC, who are independent of the project team.
"The OGC Gateway process examines a programme or project at critical stages in its lifecycle, to provide assurance that it can progress successfully to the next stage," the OGC said in a statement.
"The process is based on well proven techniques that lead to more effective delivery of benefits, together with more predictable costs and outcomes. It is designed to be applied to delivery programmes and procurement projects, including those that procure services, property and construction, IT-enabled business change and procurements using framework contracts."
The Gateway review uses a traffic light system of green, amber and red. A green light is awarded if things are on track, although the project could benefit if certain recommendations are adopted. If an amber light is given the IT project should go forward, but recommended actions should be carried out before the next Gateway review. A red light means that problems need to be fixed before moving on. "It means fix the key problems fast, not stop the project," said the OGC.
On a more granular level, the Gateway review process has five stages during the lifecycle of a project. Stages one to three are conducted before the contract is awarded, and the remaining two stages look at service implementation and operational benefits. Retrospective or combined Gateway reviews are not supported.
As well as these five stages, there is also Gateway review zero. This is a review of the IT programme itself, and can be repeated throughout the programme's life if key factors have changed.
According to the OGC, among the benefits of Gateway reviews is that they can help ensure that the best available skills and experience are deployed on the programme or project. Gateway reviews can also help to establish more realistic time and cost targets, said the OGC.
Reviews of government IT programmes and procurement are nothing new, and Gateway reviews are just one, albeit important, way to monitor IT projects.
Gateway reviews were derived from the 1999 Gershon Report on Civil Procurement in Central Government, which led to the formation of the OGC. However, a year later, another process, the Peer review concept, was developed from the Successful IT report.
As Gateway reviews examine an IT acquisition project through its lifecycle, a Peer review can provide an additional review at any point, where added assurance is needed or there are specific areas of concern. These Peer reviews are independent of the Gateway process.
In addition to these, the National Audit Office (NAO) and the Public Accounts Committee examine many government project failures. They help to identify what has gone wrong, and make recommendations on how to avoid similar mistakes in the future.
The NAO and John Bourn, who is the head of the NAO, are both independent of the government and are responsible for scrutinising public spending on behalf of parliament. Bourn himself certifies the accounts of all government departments and a wide range of other public sector bodies, and has statutory authority to report to parliament on the economy, efficiency and effectiveness with which government bodies have used their resources.
Bourn endorsed the use of Gateway reviews as an effective way to keep the government accountable. "Many of our recommendations focus on the need for greater stewardship and accountability within individual government departments, and across Whitehall more generally.
"Beyond this, the Public Accounts Committee has emphasised frequently the need for greater public transparency and accountability in departments' performance in managing their programmes and projects and, in particular, that the results of Gateway reviews should be published," said Bourn in an NAO report on Gateway reviews.
However, Bourn said there is a problem with Gateway review results not being made available to the right people, namely the Audit Committee and the relevant government department's Centre of Excellence.
"Forty-two per cent of Audit Committees were never briefed on the results of Gateway reviews, only 26% received quarterly briefings, and only 42% of internal audit and assurance departments received copies of all Gateway reviews," said Bourn.
In his opinion, Gateway reviews are key tools to help show government departments how well they are using their assets. "Historically, for IT-enabled change, this information has often been lacking, with few Gateway reviews at Gateway 5 (operations review and benefits realisation) having been carried out to assess for each programme and project whether the benefits hoped for have actually been secured," Bourn said.
The percentage of projects that reach Gateway 4 (readiness for service) and go on to Gateway 5 has improved, but more needs to be done, added Bourn. As a result, the OGC Supervisory Board has agreed that from 2006-2007 all programmes and projects must undertake a Gateway 5 review within 12 months of completing a Gateway 4 review.
There are numerous successful Gateway reviews that have eased IT projects through to completion. One of these was carried out for the Department for Work and Pensions, which recently implemented a payment modernisation programme.
The programme aimed to increase efficiency, cut costs and improve quality of service to customers by paying benefits and pensions directly into recipients' bank accounts.
The programme had Gateway 2 and 3 reviews, which identified risks to the programme from the pressure on front line staff to absorb the changes involved. But in January 2005 the programme received a green light under a Gateway zero review, which described the programme's approach to benefits realisation as "exemplary".
Another instance of a successful Gateway review process was the OGCbuying.solutions eSourcing service, which was a runner-up in the 2006 BT Government Computing Awards for Innovation. An executive agency of the OGC, OGCbuying.solutions delivers cost savings for central civil government and the wider public sector through a dedicated procurement service.
The IT project was subject to all five stages of the Gateway review process, and OGCbuying.solutions delayed awarding the IT contract to ensure the project addressed the findings of the Gateway team.
However, not all Gateway reviews give IT projects the thumbs up. According to the NAO, in July 2006, four out of five mission-critical projects were at the stage of red or amber warning lights in the Gateway reviews.
However, a red light does not always stop a project. For example, the failed Single Payment Scheme for farmers, run by the Rural Payments Agency, carried on despite three successive red lights at Gateway reviews.
Gateway reviews can shine the spotlight on government IT failures, and are supposed to be mandatory. However, some departmental executives pick and choose whether to carry them out.
In reality, only a small number of projects are subjected to Gateway 5 reviews, which establish whether the project has made any real difference to public services. Of all the projects that pass through Gateway reviews, only 5% are subjected to level five checks.
Gateway reviews have been proven to help high-risk projects that hit trouble and are willing to take advice. But for government project managers that choose to stick their heads in the sand and avoid the scrutiny, IT project failures can remain hidden from view until it is too late.
Have your say
Do you agree with Arif Mohamed's views? If you have an opinion about this or any article in Computer Weekly, e-mail email@example.com