|How can we stop computer
This speech was given in the Public Accounts Committee debate on 29 June 2004
Mr. Richard Bacon (South Norfolk) (Con): It is a great pleasure to follow the right hon. Member for Swansea, West (Mr. Williams) - a doughty member of the Committee from whom I have learned a great deal in my three years on it. He mentioned the royal family, and the evidence shows that the Committee's scrutiny of the royal family has been very useful. I remember the report on royal travel by air and rail, which had the wonderful performance indicator, "cost per royal mile". Costs fell from £17 million to £5 million, and the amount of travel stayed the same by rail and doubled, I seem to remember, by air.
As ever, I pay tribute to the National Audit Office and to the team led by Sir John Bourn, and also to our Committee staff, led by Nick Wright and the Committee assistants Leslie Young, Ronnie Jefferson and Chris Randall, for all their hard work in keeping the Committee running so smoothly.
I want to concentrate on an issue that of enduring interest to the Committee - the planning, procurement and management of Government information technology projects. I was interested to hear what the hon. Member for Sheffield, Hallam (Mr. Allan) said earlier. I shall not duplicate any of his remarks, but he made some valuable points about IT, although I think we approach the topic from different angles.
It is a commonplace that mankind learns from its mistakes. We can think of many areas of human activity, from the building of bridges to the manufacture of aircraft, in which the consequences of failure led to improvements. The philosopher Karl Popper once said that all human knowledge was, in one way or another, the result of human beings' learning from their mistakes, and that is broadly true. The great and obvious exception to that principle is the planning, procurement and management of Government information technology projects. The Government appear to be condemned, or perhaps have condemned themselves, to repeat the mistakes of the past in an endless cycle.
I was looking forward to a reply from the Economic Secretary to the Treasury - not because I am not pleased to see the Financial Secretary, for it is always a great pleasure to see her, but because during our February debate I suggested that the Economic Secretary should start to publish the gateways reviews of the Office of Government Commerce. He said he would reflect on that suggestion, and I was looking forward to hearing the results of his reflection this afternoon, but I feel confident that the Economic Secretary has briefed the Financial Secretary on the result of his reflections on the benefits of publishing gateway reviews. I shall be interested to hear her conclusions, or his conclusions, on the basis of that briefing.
Just in case the Financial Secretary has not devoted as much time to the subject as I might have hoped, let me offer her one or two hints.
“There are still far too many projects and programmes reviewed by Gateway teams where, frankly, project planning is little better than something on the back of a cigarette packet.”
Those are not my words; I found them on the OGC website. They are, in fact, the words of Sir Peter Gershon, the former OGC chief executive, uttered when he spoke at the project and programme management, or PPM, awards ceremony on 23 October last year.
I firmly believe that if we are to improve things we need more scrutiny, more openness and more accountability in the system. Last week's issue of Computer Weekly - always a good read for those who want to know what IT disasters are in the pipeline -set out what was described as the life cycle of a public sector IT failure. It goes something like this.
First, there is the project design. The design accords with the best-practice project principles, but there is an expansion of the objectives and the costs as interested parties give their views on what the new systems could do.
In the second stage, an invitation to tender is issued. Civil servants faithfully reproduce the often unreasonable and, in some cases, simply ignorant demands of Ministers that the project be delivered at superhuman speed, when to anyone who knows anything about the subject the timetable looks completely unrealistic. However, the commitment to the time scales and to the project design is too great for heed to be paid to warnings from prospective end users, from trade unions, or indeed from any of the reputable prospective suppliers who are considering bidding for the project, that the timetable is too tight or the scope unrealistically ambitious.
The third stage is when contracts are awarded. After that, fuller consultation with potential end users begins, but it is usually inadequate or self-selective.
In the fourth stage, the supplier begins to realise that it has overestimated its ability to understand the customer's business, and to convert that into IT systems, and the customer realises that it has overestimated the capability of the supplier. More often than not, the supplier also realises that it has not asked enough questions before signing the contract, and that the customer has not understood its own business sufficiently well to explain its work practices, the complexities of the project, the risks of failure and the real costs to the supplier.
Now we reach the fifth stage, and the timetable begins to lengthen. The projected costs start to increase, but commitment to the project is now far too great for any indecision or U-turn to be allowed, so the Department ploughs on.
The project starts to founder in the sixth stage, which is characterised by the beginnings of the cover up. In this stage, failure is depicted as success, and Members of Parliament do not get well-rounded answers to questions.
In the seventh stage, the failure becomes apparent anyway. It is impossible to hide it because the public or the departmental end users are affected by the fact that the contract is being abandoned, changed, rewritten or even re-awarded to another supplier.
In the eighth stage, often years later, there are sometimes reports from the National Audit Office and the Public Accounts Committee.
In the penultimate stage of the cycle, the Department says that it has learned the mistakes from the past, and those who give the assurances that lessons have been learned move on to other jobs, often in different Departments.
Finally, those people are replaced by new personnel who embark on other projects that repeat the mistakes of the past, and the cycle begins anew.
That summary is all too realistic. Over the years, the PAC has examined scores of projects that exhibit those characteristics. The Inland Revenue tax credit system, which has already been referred to, was a classic example of a supplier being pushed into adopting a wholly unrealistic timetable and of a system being launched even though the contractors knew that it did not work properly. It became impossible to hide that failure when hundreds of thousands of citizens started to complain to their Members of Parliament that they were suddenly not receiving payments that hitherto, under the old working families tax credit, they had been receiving quite smoothly.
Another classic example was the passport office fiasco, where after the expenditure of many millions of pounds on a new computer system, people suddenly could not get their passports on time - something that one tends to notice if one is just about to go on holiday, no matter what smooth reassurances one gets from a Minister or computer contractor.
Sometimes the failure is not quite so obvious to the public at large, but it usually comes out in the end. In Operation Telic, the UK's military operation in Iraq, when containers arrived with equipment for our armed forces in Kuwait and platoons of soldiers started to break into the containers to see what was in them and to obtain the kit that they needed - breaking in was the only way to find out what was in them - it became clear that the Ministry of Defence did not have proper asset-tracking or consignment-tracking software. It could not track its equipment as it was delivered around the world and into theatres of operation for our armed forces.
Notoriously, that meant that there was not enough body armour available for our soldiers in the right places in the recent Iraq war. Let no one say that that was a cost issue: the body armour cost £169.70 per set and the MOD spent a mere £2.9 million on body armour for the recent conflict. The issue was one not of cost but of basic logistics.
In our hearing on Operation Telic, the MOD mentioned, almost en passant, that it had spent £120 million on a bespoke tracking system before it was scrapped four years ago - incidentally, 41 times more than it spent on the body armour for the recent deployment.
There was the usual story about how the money had not been wasted because it was being rolled into the next project, but the fact is that 13 years after the lack of decent consignment-tracking software was first identified in 1991, after the first Gulf war, that problem has still not been fixed, even though there are all kinds of commercially available off-the-shelf systems that tell users all that they need to know about exactly where their supplies are.
For example, the American firm Caterpillar can deliver a spare part for one of its customers anywhere on the planet in 48 hours. We are familiar with firms such as Federal Express and DHL, which can routinely tell customers exactly where in the system their deliveries are at any one moment in time.
With Government IT projects, it is endemic that there are problems that do not get solved and mistakes from which lessons are not learned, it is the same story wherever one looks. There is a fundamental inability to learn from mistakes.
Apart from the cases that I have already mentioned, we had the infamous Wessex regional health authority case, and the London ambulance system case in which the suppliers warned about potential problems and were ignored.
We had the mess over Inland Revenue self-assessment and the mess over the Central Veterinary Laboratory database for tracking BSE.
In the case of the national insurance recording system, the contract extension was double the price of the original contract, and with the caseworking system for the immigration and nationality directorate the supplier was paid for not writing software.
In the Libra project for magistrates courts in England and Wales, which has already been briefly mentioned, costs quadrupled.
The old Lord Chancellor's Department, before it was scrapped, paid some £232 million merely for 11,000 PCs, the printers and the “associated support” - whatever that means. I know that it does not include software, because that was clearly set out in the NAO report. That works out at about £20,000 per PC, or £10,000 even if we include the replacements, when it would have been perfectly possible to go down to PC World and buy the required kit for a few hundred pounds per desk.
There was the implementation of the national probation service's information systems strategy, which had seven project managers in seven years, five of whom knew nothing about project management. The result was a system so poor that no one wanted to use it.
There was the recent Criminal Records Bureau fiasco, whereby the prices quoted by potential suppliers to do the same job varied so wildly - from £250 million to £380 million - that the CRB got in another consultant to assess the relative merits of the bids, and to see where the discrepancy had arisen from. It still managed to end up paying significantly more than the highest bid.
We have already heard about the moving of the GCHQ computer, the cost of which, according to the management's own assessment, was £40 million. However, they told the board that the cost would be £20 million - do not ask me why because I do not know - and, of course, the actual cost was £400 million.
Despite the fact that the National Air Traffic Services system at Swanwick cost £337 million and supposedly offers a superior service and an immediate 40 per cent. increase in capacity, it plainly is not up to the job, as became painfully clear when all the nation's aircraft ground to a halt the other day because of problems with the West Drayton system - a system that the new Swanwick system was supposed to replace.
Very topically, Sir Michael Bichard says in paragraph 35 of his recent inquiry that
“although national Information Technology (IT) systems for recording intelligence were part of the original National Strategy for Police Information Systems (NSPIS) as long ago as 1994, no such system exists even now. It was, in fact, formally abandoned in 2000 at the same time as the launch of the National Police Intelligence Model (NIM), which sought to place intelligence at the heart of policing. There are still no firm plans for a national IT system in England and Wales, although, in contrast, such a system will be fully operational in Scotland by the end of this year”.
Mr. Allan: Does the hon. Gentleman share my fear that, in looking at all the IT failures, we might develop a very risk-averse culture whereby public authorities that do need new IT systems - the police are the classic example - do not invest in them because they are scared of what will happen down the line? That, too, would be very retrograde.
Mr. Bacon: I agree that that would be retrograde. I do not think for one moment that anyone can say that the public sector is risk-averse when it comes to IT projects. The public sector takes huge risks in respect of such projects, and in the main it does not know the size of the risks that it is running.
I want to mention two more examples. The first is the joint probation service and Prison Service offender assessment system - OASys - which is still in the pipeline. The report on that system, on which we were supposed to have taken evidence, was due in July but was postponed until 15 September. We learned as of yesterday that it has been postponed still further.
Secondly, there is the national programme for IT in the health service. Key aspects of what are multi-million pound contracts - the initial assessment was £2.3 million, but the latest Financial Times report suggests a figure closer to £6 million to be reviewed within mere months of their being signed.
The project has seen Professor Peter Hutton, the chief clinical adviser, resign as chairman of the clinical advisory board, and until extremely recently the views of GPs had been largely ignored. Indeed, in respect of many of the other projects that we have considered, the advice of the National Audit Office concerning the need to consult early was also totally ignored. The NHS has contracted to buy far more systems in phase 1 than there is demand from hospital trusts, and in phase 2 the contractors will almost certainly be unable to meet the likely demand. Finally, GP magazine described the programme as
“more likely to be a fiasco than the Dome”.
Mr. Jenkins: I listen with interest, as always, to the hon. Gentleman. He provides a list - too long a list - of near-disasters, but such contracts have been taken out with some of the best private sector companies in this country. Can he suggest a solution? Where are we to look if not to the best private sector companies in the country?
Mr. Bacon: I thank the hon. Gentleman for his extremely timely intervention, because at the top of my next page it says, "What can be done?" He is right: we are talking about some of the finest and biggest computer contractors in the world. The Financial Secretary must therefore consider the possibility that something systemic is going on. It simply is not the case that everyone wants to get things wrong or to have as many disasters as possible.
Something deeper is going on, and two areas deserve immediate attention, including from the Financial Secretary. To do so would not cost any money - she should be interested in that - and there would be an immediate benefit and a significant chance of improving the situation.
The first, which I briefly mentioned in our last debate on the subject, is the publication of gateway reviews. With a record as appalling as the one that I have just cited the hon. Member for Tamworth (Mr. Jenkins) is right that the list of mistakes is far too long - the burden is not on me to show why the Government should publish gateway reviews, but on the Government and the Financial Secretary to say why they should not publish them. What possible justification could there be for not publishing them?
Departments often bleat about commercial confidentiality as a reason for not publishing reviews. They say that they have an agreement with a supplier and that the commercial interests of that supplier would be threatened by greater openness, but that is not necessarily what suppliers themselves say when given the chance.
It was interesting to see that in the public evidence given to the Work and Pensions Committee in its ongoing inquiry into IT systems, the supplier stated that it did not have any problems with the publication of gateway reviews. On the contrary, the supplier said that it would welcome them. At the moment, it is not necessarily the case that suppliers are even aware that a gateway review is being undertaken. Amazingly, it is not a given that they know that a gateway review is happening.
Mr. Allan: On that point, does the hon. Gentleman agree that it would be helpful to see the early gateway reviews, those on feasibility and all the technical issues that do not necessarily involve suppliers, when we are debating legislation? For example, when we debate the draft ID Cards in this place, it would be helpful to have the early gateway reviews before us, to help us think about the feasibility of implementation.
Mr. Bacon: I entirely agree with the hon. Gentleman. While we are on the subject of ID cards, I read in Computer Weekly just recently that senior figures in the industry - including, I am delighted to say, the Government's new chief information officer - have poured scorn on the feasibility of the ID card scheme. Before the Financial Secretary goes off with her Treasury colleagues and spends thousands of millions of pounds on an ID card system, she should listen to the people in the industry who are saying that the Government's business case for ID cards is vapid. A great deal of money could be saved and spent on something that people want their taxpayers' money to be spent on. I utterly agree that the answer is to have more transparency at as early a stage as possible.
It would be worth comparing the position that I have described with some of the well managed projects. It was noticeable that some common themes for successful projects emerged at the recent corporate IT forum 'Tif' awards presentation for excellence in IT projects. I quote:
“The successful short-listed projects all had exceptionally close links between the business leader and the project team. The 'business customer/IT supplier' approach was all but absent, and the judges saw development of integrated teams, based around common goals, with each individual or group contributing something of value to the project. There was genuine collaboration, with the programmes adding something significant to the business.”
Yet far too often with Government projects, far from having such close collaboration on the project that the business customer/IT supplier approach was all but absent, the suppliers do not even know that a gateway review is under way.
It is not the case that suppliers are wary of such openness. It is Departments and their officials who are so wary. They are far more protective of the so-called need for commercial confidentiality, because it helps protect them from future criticism.
Mr. Jenkins: I want to be clear about this in my own mind. The hon. Gentleman is intimating that the difficulty lies not with the suppliers, but with the customers, and that the customers do not want the transaction to be transparent because it may be difficult to specify the exact requirements of the project from the outset. That may result from a lack of technical ability or understanding of how the system will work. Is the hon. Gentleman saying that we do not have the necessary expertise to undertake the projects in the light of the rigour of transparency to follow?
Mr. Bacon: I think that the hon. Gentleman makes a good point. The lack of procurement skill in government is quite widespread. However, I would not want to pretend for one minute that some suppliers do not also get things horribly wrong. In the case of the Libra project, for example, it was not only the Department that was responsible for the scandal, it was also the supplier, ICL/Fujitsu. To return to my earlier point, in successful projects there is close collaboration between the supplier and the Government, such that it works like a seamless collaborative integrated team.
The hon. Member for Tamworth brings me to my next point. The Chairman mentioned Mr. John Oughton, the new chief executive of the Office of Government Commerce. Ten years ago, he was in charge of the Cabinet Office efficiency unit. He led a scrutiny study that led to the publication in August 1994 of a report called 'The Government's Use of External Consultants'. The frontispiece of the report carried a quotation directly relevant to what the hon. Gentleman said. It stated:
“It is difficult to do good consultancy for a bad client, and it is difficult to do bad consultancy for a good client.”
That is true, but suppliers and Government need to be in an informed loop where they can learn from each other. Too often, suppliers are not trusted in the adult way that makes close collaboration and success more likely. Part of the answer is to publish gateway reviews, so that everyone can see where they stand - or, in some cases, simply what is going on.
My second suggestion is more wide ranging, and it draws on experience in the US. When that country was faced with similar problems, Congress passed the Clinger-Cohen Act 1996, which provides a statutory framework of accountability. The US Government recognised that the lack of accountability, particularly in IT projects, and a culture of secrecy and cover-up had contributed to major failures in IT projects. The Clinger-Cohen Act, in essence, requires Departments to report contemporaneously to Congress on the progress, or otherwise, of projects, and to disclose any deviations from standing orders.
If we had a similar system here, following a gateway review that revealed a red light on a project, it would, as a matter of course and at an early stage, become public knowledge that the Department concerned was facing a red light. In particular, it would automatically become public knowledge if a Department went through a red light.
Last week, the Committee published a report on Customs and Excise and its use of electronic delivery to transform its services to customers. The report refers to the fact that Customs faces an OGC gateway review, as many Departments do. It also notes that Customs should have had a sensitivity analysis, but that it plainly did not. It says that there should be proper management of consultants, and that there should be an overall, senior responsible owner.
It is extraordinary that, even now, we must tell Departments that they should have proper management of consultants and that they should have overall senior responsible owners for their projects. However, we still do not know for certain whether a red light was flagged up by the gateway review process that Customs and Excise then went through. That is how it appears, but we do not know for certain, because the OGC's gateway reviews are not routinely published. I think that they should be.
Legislation that provides a clear framework for accountability would be an important step in forcing the searchlight into some of the darker corners of IT projects, where the natural tendency is to cover up mistakes. There is an important contrast with what happens in the private sector. People often say that mistakes are made in the private sector too, and they are right: there are many such mistakes, but there is an important difference.
I spoke at a conference for IT suppliers a few months ago. The Committee's Chairman gets many invitations and is very kind in refusing them and palming them off to other members of the Committee. It is a matter of duty, I suppose. Before the conference, I was talking to a supplier who worked in both the public and private sectors. I asked her what was the main difference between the two sectors, and she said there were two differences - speed and commitment.
In the private sector, greater speed applies to decisions, and to the rapidity with which the plug is pulled if it becomes clear that circumstances have changed, that the market has moved or that the project has been rendered irrelevant by other changes. The supplier said that commitment is what top management in the private sector devotes to a project. That commitment is far too often lacking in Government projects.
I repeat my two proposals for the Financial Secretary's consideration, that gateway reviews should be published as a matter of course, and that a statutory framework for openness and accountability should be introduced, building on the lessons of the Clinger-Cohen Act.
The Financial Secretary may say no to my proposals, and she may assert that they are not necessary. However, given the public sector's catastrophic record in procuring IT projects under Governments of all political complexions, the Treasury has to do more. It must say whose side it is on. Is it on the side of taxpayers and citizens, who expect good value and service for the taxes that they pay, or not?
Unless the Treasury is prepared to change, the IT disasters will continue to happen
- not because anyone wants them to, but largely because there are no real obstacles in the path of failure.
ARTICLES: It's time to open the door
|© Richard Bacon 2010|