ar130405 - Fotolia

Barnet Council audit finds some Capita services lacking

The internal audit reports show a series of failings by supplier Capita, such as “no documented IT disaster recovery plans” and gaps in change management processes

Barnet Council’s audit reports show failings in IT disaster recovery and IT change management, both run by outsourcing giant Capita.

The internal audit is the first review of the services Capita provides to the council since the contract was signed in 2013.

The 10-year contract, worth £32m a year, saw IT and back-office functions such as human resources (HR) and payroll transferred to Capita as part of the council’s One Barnet project.  

As part of the contract, Capita manages the IT disaster recovery programme (ITDR), as part of a wider business continuity management programme.

Under the deal, all of the council’s IT services – apart from the internal phone system – were migrated to a new datacentre, which the council told Computer Weekly is “Capita’s state of the art facility”.

Capita implemented capability at a secondary datacentre, having to maintain an interim disaster recovery system while this was being done. Capita is also replicating data to the secondary datacentre and taking backups “in preparation for the new full IDTR capability”.

However, the audit – which was rated as “limited assurance”  – found that “these back-ups cannot be used to restore capability as they have not been tested and there are no documented ITDR plans in place”.  

The council rates its IT applications as platinum, gold, silver or bronze based on how they affect the business. Under the deal, IT applications rated as silver and bronze are supposed to be recovered in 48 hours, with a maximum hour’s data loss.

Yet the audit found that for bronze applications, “the current project is not delivering”, and silver applications are only being restored in 96 hours “with up to a day’s worth of data loss”.

“There are similar inconsistencies at platinum and gold level,” it adds.

According to Barnet Labour, Capita’s partnership director Mark Dally recently apologised to the Audit Committee for the issues, saying “it was not our finest hour” and that the service was not performing as expected.

Controversy from the start

John Hooton, the council’s chief operating officer (COO), told Computer Weekly in a statement that the Capita contract has delivered £10m in savings over the past two years.

However, it has attracted controversy from the start. When the council first announced its intention to outsource the IT, in 2012, the council’s Labour councillors challenged the decision.

In early 2013, disability rights campaigner Maria Nash brought a case against Barnet Council, calling for a judicial review of the outsourcing programme, alleging the council did not properly consult citizens on the outsourcing plan. 

In April 2013, a High Court judge ruled that the objection came too late. Nash appealed, but a Court of Appeal ruled that the contract was lawful

Commenting on the audit, Barnet councillor Kathy Levine, Labour’s audit spokesperson, said in a statement: “Capita seem to be more interested in box-ticking so they get paid, rather than ensuring services are working.”

She added that it looked like there had been no serious monitoring of business continuity or disaster recovery plans, and “no serious effort to provide anything more than the most basic service”. 

“It’s quite clear the thin client model of allowing external contractors such as Capita to self-monitor is not working, just as we said it wouldn’t at the time of letting the contract. We were ignored and the Tories forced this dreadful contract through,” she said.

“The Tories are paying the price for their lack of interest in scrutinising this contract. It’s an ideologically driven experiment with Barnet taxpayers' money and services that is unravelling.”

However, Barnet Conservative councillor Richard Cornelius, leader of the council, told Computer Weekly that the Capita contract will save the tax payer £125m over the course of the deal.

He added that Labour has never been able to “present a costed alternative to deliver these savings, and the investment being made in the service”.

According to Cornelius, Capita inherited a “decrepit system that they have been working hard to approve”. IT for social services and finance were prioritised for upgrade and the supplier is working through the other services, he added.

Poor change management

As part of the internal audit, a report on IT change management, which looks at the period from January to December 2015, found that while Capita’s customer and support group (CSG) has made “significant improvements”, there are “many examples of a reactive rather than proactive approach to IT change management being implemented”. 

“This approach affects the quality of service provided to Barnet Council,” the audit said. 

“The IT change management process is not yet effectively embedded into the organisation (due to it being relatively new) and it is not yet at the required level of maturity expected from an experienced IT service provider.

“This limits CSG’s ability to effectively govern, manage, monitor and improve IT change and increases the likelihood of negative impact to services at Barnet Council,” it added.

The CSG also uses a “static, standalone spreadsheet” to manage configuration information, which is not linked to the existing toolset. The auditor found that this “is not suitable for an IT estate of the size and complexity of Barnet Council”.

“The standalone spreadsheet approach and lack of update process resulted in a backlog of outstanding configuration updates, as well as an inaccurate baseline of configuration information,” it said.

Plans to increase resilience 

The auditors tested 25 sample changes to check for effectiveness in the process. It found that with the eight of the 25 changes that were classed as major changes, not a single one had a full work plan document.

It also found that, at times, changes related to project implementation had been processed as emergency changes, simply to achieve deadlines.

“Lack of appropriate planning for a project-related change should not automatically invoke the emergency change process, as emergency changes carry an increased level of risk to the business,” the audit said.

It also found a lack of documented evidence to show effective governance and that there is “confusion with who is responsible for the policy, process and procedure documents”. 

John Hooton said IT services “is one area where Capita is putting in place further improvements to increase resilience”.

“We closely monitor the performance of all our contracts. As with all major service areas, some parts are delivering well and others need additional focus,” he said.

“In addition to implementing a disaster recovery service, an IT director has recently been appointed and a comprehensive configuration management database toolset will be introduced.” 

So far, Capita has delivered a range of services to the council, including virtualised infrastructure, automated backups and alerting for core infrastructure and asynchronous SAN to SAN replication with automated recovery devices.

Read more about outsourcing

Read more on IT for government and public sector