Extend Whitehall blunder controls

Recommendations to prevent another ILA debacle should be extended across the entire public sector.

Recommendations to prevent another ILA debacle should be extended across the entire public sector.

An internal audit by the Department for Education and Skills (DfES), and a study by Cap Gemini Ernst & Young have provided a depressing insight into the catalogue of errors that led to the collapse of the Government's £260m Individual Learning Account (ILA) scheme late last year.

The many gaffes they have identified read like a litany of classic public sector project management mistakes, and reinforce the suspicion that, in Westminster at least, lessons are rarely, if ever, drawn from IT failures.

Pressure to deliver the project to a tight deadline meant that the contracting process between the DfES and Capita, the IT outsourcing company that headed the ILA scheme, was rushed and therefore flawed.

Insufficient staff resources were allocated to the project, and from the outset the department failed to capture and record its decision path, meaning that it later became difficult to trace to their source the problems that arose.

Most damaging of all, though, was the DfES' handling of the security implications of the scheme.

Government guidelines for security risk analysis were ignored, and insufficient risk assessment and ongoing risk management was carried out. The department's failure to furnish Capita with clear IT security specifications for the ILA scheme meant that the systems underpinning it had no structured procedures for identifying its misuse.

The resulting system carried insufficient in-built security, leaving it prey to unscrupulous training providers who removed money illegally from more than 5,000 ILA accounts.

The original ILA scheme is history now, soon to be replaced by a new - and hopefully more secure - manifestation. But the inquiry into the scheme's collapse by the Education and Skills Select Committee has rightly tried to seek a means of ensuring that similar blunders do not compromise future public sector IT projects.

The committee recommends that any fresh IT contracts drafted by the DfES should be available to Parliament for scrutiny.

Of course they should. Independent and vigorous monitoring of public sector IT projects is essential if they are to be transparent, and their leaders fully accountable for their decisions. The department has duly confirmed that it will make the contract details of the successor to the ILA scheme available for scrutiny.

But why limit this advance to the DfES? Public sector project disasters have been by no means confined to the education department. The Inland Revenue, the Passport Agency, the NHS and a raft of other public sector bodies have experienced the pain of IT project failure.

Surely, all IT contracts paid for with public money should be available for scrutiny as a matter of course? Only by putting such a policy in place, can we hope to escape the "not my responsibility" blame-avoidance culture that permeates Whitehall.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.