House of Commons Public Administration Select Committee
Government and IT— “a recipe for rip offs”: time for a new approach
Twelfth Report of Session 2010-12
Volume II Oral and written evidence
Additional written evidence is contained in Volume III, available on the Committee website www.parliament.uk/pasc
Ordered by the House of Commons to be printed 18 July 2011
HC 715-II Published on 28 July 2011 by authority of the House of Commons London: The Stationery Office Limited £18.50
The Public Administration Select Committee
The Public Administration Select Committee is appointed by the House of Commons to examine the reports of the Parliamentary Commissioner for Administration and the Health Service Commissioner for England, which are laid before this House, and matters in connection therewith, and to consider matters relating to the quality and standards of administration provided by civil service departments, and other matters relating to the civil service.
Current membership Mr Bernard Jenkin MP (Conservative, Harwich and North Essex) (Chair) Nick de Bois MP (Conservative, Enfield North) Alun Cairns MP (Conservative, Vale of Glamorgan) Michael Dugher MP (Labour, Barnsley East) Charlie Elphicke MP (Conservative, Dover) Paul Flynn MP (Labour, Newport West) Robert Halfon MP (Conservative, Harlow) David Heyes MP (Labour, Ashton under Lyne) Kelvin Hopkins MP (Labour, Luton North) Greg Mulholland MP (Lib Dem, Leeds North West) Lindsay Roy MP (Labour, Glenrothes)
Powers The powers of the Committee are set out in House of Commons Standing Orders, principally in SO No 146. These are available on the Internet via www.parliament.uk
Publication The Reports and evidence of the Committee are published by The Stationery Office by Order of the House. All publications of the Committee (including press notices) are on the internet at www.parliament.uk/pasc.
The Reports of the Committee, the formal minutes relating to that report, oral evidence taken and some or all written evidence are available in a printed volume(s).
Additional written evidence may be published on the internet only.
Committee staff The current staff of the Committee are Clive Porro (Clerk), Ben Williams (Second Clerk), Alexandra Crampton (Committee Specialist), Paul Simpkin (Senior Committee Assistant) and Su Panchanathan (Committee Assistant).
Contacts All correspondence should be addressed to the Clerk of the Public Administration Select Committee, Committee Office, First Floor, 7 Millbank, House of Commons, London SW1P 3JA. The telephone number for general enquiries is 020 7219 5730; the Committee’s email address is [email protected].
Witnesses
Tuesday 8 March 2011 Page
Dr Edgar Whitley, London School of Economics, Professor Helen Margetts and Dr Ian Brown, Oxford Internet Institute Ev 1
Professor Nigel Shadbolt, University of Southampton, and Sir Ian Magee, Institute of Government Ev 12
Tuesday 15 March 2011
Martin Rice, CEO, Erudine, David Clarke MBE, CEO, British Computer Society, Janet Grossman, Chair, Intellect Public Sector Council, and Sureyya Cansoy, Director of Public Sector, Intellect Ev 21
Adam McGreggor, Rewired State, Andy Burton, Chair, Cloud Industry Forum, and Jim Killock, Open Rights Group Ev 33
Tuesday 22 March 2011
Mark Adams-Wright, Chief Information Officer, Suffolk County Council, David Wilde, Chief Information Officer, Westminster City Council, and Martin Ferguson, Head of Policy, SOCITM Ev 41
Joe Harley, Director General and Chief Information Officer, DWP, Malcolm Whitehouse, Group Applications Direcor, DWP, Phil Pavitt, Director General and Chief Information Officer, HMRC, and Mark Holden, Director Projects and Programmes, HMRC Ev 50
Wednesday 23 March 2011
Craig Wilson, Managing Director, UK and Ireland, HP Enterprise Services, and Howard Hughes, Vice-President and General Manager for DWP, HP Enterprise Services Ev 57
Wednesday 30 March 2011
Rt Hon Francis Maude, Minister for the Cabinet Office, and Ian Watmore, Chief Operating Officer, Efficiency and Reform Group, Cabinet Office Ev 74
List of printed written evidence
1 Westminster City Council Ev 89 2 Cloud Industry Forum Ev 92 3 British Computer Society (BCS) Ev 95 4 Socitm Ev 99 5 Hewlett Packard (HP) Ev 103 6 Erudine Ev 110
7 Intellect Ev 113 8 Rt Hon Francis Maude MP, Minister for the Cabinet Office Ev 117 9 London School of Economics and Political Science identity Project Ev 124 10 Open Rights Group Ev 130 11 Supplementary evidence from Intellect Ev 134 12 Supplementary evidence from Socitm Ev 136 13 DWP Ev 140 14 HMRC Ev 141 15 Supplementary evidence from Hewlett Packard (HP) Ev 141 16 Supplementary evidence from Cabinet Office Ev 149
List of additional written evidence
(published in Volume III on the Committee’s website www.parliament.uk/pasc)
1 Wingham Rowan Ev w1 2 Anonymous Ev w1 3 Martin Caxton Ev w2 4 Mario Devargas Ev w3 5 Common Software Measurement International Consortium (COSMIC) Ev w4 6 David Moss Ev w7 7 Pat Keane, Bracknell Forest Borough Council Ev w12 8 David Chassels Ev w13 9 Centre for Effective Dispute Resolution (CEDR) Ev w17 10 Michael Phythian Ev w18 11 Alex Stobart, Enterprising Scotland Limited Ev w19 12 The Institute of Creative Technologies, De Montfort University, Leicester Ev w22 13 Jonathan Murray Ev w25 14 Andrew Hardie Ev w30 15 Peter Buchanan, think gov Ev w34 16 Dr Leonard Anderson Ev w38 17 The Information Commissioner Ev w42 18 Tony Collins Ev w44 19 Sirius Ev w45 20 Ministry of Defence Ev w47 21 Logica Ev w50 22 BSA Ev w52 23 Roger Marshall Ev w56 24 OpenForum Europe Ev w58 25 Rupert Collins-White Ev w63 26 IT Profession Delivery Management Competency Group Ev w66 27 Philip Virgo Ev w68
28 Software Industry Research Board Ev w71 29 Royal Borough of Windsor and Maidenhead Ev w76 30 EURIM (The Information Society Alliance) Ev w78 31 William Heath Ev w82 32 Open Source Consortium Ev w84 33 Gartner Ev w87 34 Public and Commercial Services Union Ev w95 35 Dextrous Web Ev w97 36 McAfee Ev w100 37 Conservative Technology Forum Ev w104 38 Communications Management Association Ev w108 39 Citrix Ev w110 40 Commercial Litigation Association (CLAN) Ev w113 41 CISCO Ev w116 42 Canon UK Ltd Ev w119 43 The Institute of Engineering and Technology/Royal Academy of Engineering Ev w120 44 NLAWARP Ev w124 45 Additional evidence from David Chassels Ev w126 46 Additional evidence from Open Source Consortium Ev w126 47 Olswang LLP Ev w128 48 IBM Ev w130 49 Additional evidence from Open Source Consortium Ev w136 50 Microsoft Ev w137 51 Alpine Resourcing Ev w145 52 Industry Technology Facilitator Ev w147 53 Kelvin Prescott and Susan Atkinson Ev w148
cobber Pack: U PL: COE1 [SO] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 1
Oral evidence
Taken before the Public Administration Committee on Tuesday 8 March 2011
Members present: Mr Bernard Jenkin (Chair)
Charlie Elphicke Kelvin Hopkins Paul Flynn Greg Mulholland Robert Halfon Lindsay Roy David Heyes ______
Examination of Witnesses
Witnesses: Dr Edgar Whitley, London School of Economics, Professor Helen Margetts, Oxford Internet Institute, and Dr Ian Brown, Oxford Internet Institute, gave evidence.
Q1 Chair: Good morning to our witnesses. First of studies like that—but if we were to point to the key all, may I welcome you to this session about IT and distinguishing features that seemed to be having an ICT in government? Please identify yourselves for effect, it was the scale and timing and contract value the record. of IT contracts. It was the concentration of the market Dr Whitley: My name is Edgar Whitley; I am a in the UK; it is a far more concentrated market, with Reader in Information Systems at the London School a small number of suppliers getting the bulk of the of Economics. contracts, than any of the other countries we looked Professor Margetts: I am Helen Margetts; I am at. Another distinguishing feature would be the lack Professor of Society and the Internet at the Oxford of IT expertise within the Government. In all the other Internet Institute, University of Oxford. Governments we noticed a greater effort over a Dr Brown: My name is Ian Brown; I am Senior sustained period of time to retain some expertise Research Fellow at the Oxford Internet Institute at the within Government. I can say more about any of this. University of Oxford. Q6 Chair: Yes, I am sure you will. Why do you think Q2 Chair: Thank you very much indeed. You are successive Governments found it so difficult to here as much as witnesses as to help the Committee resolve this? through this problem, so we do want you to say what Professor Margetts: There is a certain amount of past you need to say. So if the questions are not on target, dependency in terms of some of those factors in the please take an opportunity to add, but obviously we UK. For example, lots of things are being done at the have got a lot of questions to get through, so be as moment to try and reduce the size of IT projects and brisk as you can be—that would be extremely helpful. to reduce the size of IT contracts, but there are some If I may I will kick off by asking a question of very large long-term legacy contracts that are still Professor Margetts. You wrote a book Digital Era there—although they have been renegotiated. Governance, in which you described the UK as “a world leader in ineffective IT schemes for HMRC’s contract with Capgemini, for example, goes government”. Why did you come to that conclusion? on to 2017. Some things become very difficult to Professor Margetts: It was a seven country study tackle once those characteristics have been put in looking at electronic government, big IT projects, place. contracts, the computer services market, a whole range of factors that affect government IT, and we did Q7 Chair: But surely we can learn from these other find the UK to be an outlier both in e-government countries’ experiences? performance and in the number and scale of IT Professor Margetts: I think we can, although I would disasters. not say from that study that any one country gave the total answer. These are big problems for big Q3 Chair: Which were the comparator countries? Governments, and no one country has the solution, Professor Margetts: Japan, Canada, the US, the but in each of the countries we looked at I would say Netherlands, Australia, New Zealand. that there were features that we can draw out and learn from. The US, for example, are contracting legislation Q4 Chair: So some smaller countries, but some that mandates the involvement of smaller companies similar sized countries and the United States? in contracts, rather than relying on a small number of Professor Margetts: Yes, that is right. very large suppliers. That is something that we are beginning to see move to here. Q5 Chair: And what are the distinguishing features of the UK experience? Q8 Chair: So more competition seems to be— Professor Margetts: If we were to point to one Professor Margetts: More competition in thing—obviously it is difficult to identify causality in contracting, absolutely. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 2 Public Administration Committee: Evidence
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Q9 Chair: Our contracting is not already too not studied Tesco, so I cannot speak for them—I bureaucratically regulated to create competition that would expect would be a fairly straightforward, single actually mitigates against competition? One organisation with a very clear “these are the different sometimes feels that the public procurement directive branches, these are the regions,” however it is done, actually mitigates in favour of large providers. whereas the NHS organisational structure is much Professor Margetts: Yes, if you introduce registration more fragmented, much more distributed, so you are that mandates the involvement of SMEs, for example, going to get issues arising from non-technology policy then that sounds like more bureaucracy, but I would issues about how you structure the NHS and where say that it is completely essential if you want to move the technology element of that fits in. towards a more innovative environment. Q13 Paul Flynn: We are about to fragment the Q10 Chair: Is this a British disease? Does it affect Health Service into thousands of small groups. Do you the private sector as well? Does the private sector think this is likely to discourage the kind of decisions make a mess of ICT acquisition as well? that we need, which should be really centralised Professor Margetts: They do, and they are a lot better decisions rather than decisions distributed throughout at keeping it secret, but I think it is fair to say that if the land again? Tesco’s information architecture was in the same state Dr Whitley: I think there is a difference between as the British Government’s then you would have centralising decisions and having decisions about, for needed a much bigger room and much longer ago. A example, standard procedures, processes and levels of lot of the problems that the UK Government is facing service that you require. So yes, there is a risk that if now, very large private sector companies facing the e- you let a thousand flowers bloom you end up with a commerce challenge were dealing with 10 years ago. thousand different systems and a thousand different Chair: Any others wish to comment at this stage? procurement contracts. Paul Flynn: A lot of weeds. Q11 Paul Flynn: Can I comment on the Tesco example? Tesco’s error rate, I believe, is something Q14 Chair: I am very encouraged that we have a like 1 in 10,000 transactions for things, using the Labour MP that wants the NHS to be more like Tesco. barcode, principally, using that, and they have a very Dr Brown? sophisticated system going from the tills to the Dr Brown: At the same time, as Doctor Whitley was warehouses and so on, and a hugely successful leading into, the NHS’s Connecting for Health system. The National Health Service has an error rate programme has not been a success, by and large, so above one in 10 cases. Why is this? far, and if you read reviews by people like Professor Professor Margetts: Well, because of some of the Trisha Greenhalgh of that, one of the reasons seems problems I have been talking about. I rather imagine to be that there was too much centralisation—that too that the electronic systems that Tesco operates have much was being decided in the centre rather than by been evolving over time, and there may have been a the clinicians that needed to have a strong say about time when they had a much higher error rate, but it the functionality, and how those systems worked in really has been prioritised; they have been recognised practice. as the lifeblood of the organisation. I think it would Chair: A Tesco store manager has far more autonomy be fair to say that here they have not: they are than a hospital manager. relatively unimportant. Dr Whitley: There is also an element of the nature of Q15 Charlie Elphicke: If I may, three questions, the task: the purpose for a Tesco system is going to which I will ask all at once to save time. First, how be a lot more constrained than dealing with patients do other EU states manage the EU public procurement across a whole variety of service providers, different provisions that Europe hands down, without having parts of a hospital interfacing with local government, their markets sewn up by IT fat cats who abuse the etc. That does not explain the huge order of magnitude taxpayer? Two, would opening up procurement to difference, but there is certainly an element of the SMEs make a dynamic difference? How much of a different kinds of problems that the systems are trying difference would it make in practice? Three, would to address. Open Source help get better value for the taxpayer as well? Q12 Paul Flynn: This technique of barcodes and so Chair: One sentence each. on has been around for about 20 years. Is it a matter Professor Margetts: There is no doubt about it that that if Tesco decide to use it, it is a single person that other European markets are not so concentrated, decides to use it or a body, but if we are trying to nowhere near so concentrated, and nor is the US, and introduce it into the Health Service we have to one of the ways they have done that is by fostering introduce it to a thousand different groups of people? local domestic suppliers by drastically reducing the Is that one of the obstacles? Is there an inbuilt size of contracts that are let—the kind of contracts conservatism, a reluctance to change, in the Health that are billions of pounds, 10-year contracts that just Service? We take it that the decisions of the Health do not happen in other European countries. Service are marginally more important than decisions Dr Whitley: Certainly the size of the contract is an taken in Tesco. important issue for the SME market, because if you Dr Whitley: I think there are two different things that are a large Government department you do not come together. One is the organisational particularly want to be relying on a small company decision-making structure, which in Tesco—I have with five employees, three of whom may leave if they cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 3
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown do not like the way the boss is acting, or whatever, what it was for, with the whole thing being done on so there is always a risk associated with giving large the basis of exploiting the heightened fear of amounts of work to SMEs. There is a sense that the terrorism? current process does not encourage SMEs; it does not Dr Whitley: I would present it slightly differently. provide the opportunities for SMEs to make the kinds Certainly the analysis—and I think we submitted this of contributions that they can given the scale, given to the Home Affairs Select Committee; it was one of the expertise that they have. In many cases they will the two inquiries into the surveillance society— have very specialist skill sets, technology and showed that the legislation—not just the title of the capabilities, but clearly you cannot imagine an SME bill, but the actual legislation—strongly suggested, or providing technology roll-out for every NHS Trust. determined or guided, a particular technology Dr Brown: All I would add is, on the third question, solution. The idea of writing the National Identity yes, I think that greater use of Open Source, open Register into the legislation, with all of the APIs, Open Standards does contribute to an ecosystem mechanisms around updating and penalties, etc, did where you are likely to get a greater number of players have a very strong “this is not only what we would and perhaps stimulate innovation that way. like to do—we want to have a mechanism for allowing people to authenticate their identities in Q16 Greg Mulholland: I am going to ask a few various circumstances—but here is a very technology- questions about the doomed Identity Cards driven design for doing that.” So, it was there in the programme, mainly aimed at Dr Whitley because of legislation, arguably. your evidence. If the other two would like to chip in Was it there just for the desire of the IT companies? I please do indicate, but I am going to direct the would not put such a strong causal link on there. You questions mainly at Dr Whitley. The first thing to say have to recall that two of the large IT suppliers is there are many of us from a political perspective in actually withdrew from the process of bidding to be the House of Commons on all sides from a civil part of the strategic supplier group, because they did liberties perspective that are absolutely overjoyed that not want to be part of the proposal for whatever this farcical project has now been scrapped. But what reasons. It has not been made public what reasons I would like to ask you from an IT procurement they used for withdrawing, but two high profile perspective and delivery is: do you think—aside from companies actually withdrew from the bidding the political arguments that may or may not been process. I suspect that once the decision had been there—we were heading for another IT disaster that taken, “Right, we are going to do this; we are going would have cost the taxpayer vast amounts of money? to get some cards out by 2009; we need to have Dr Whitley: Was it going to be a disaster? The way it something that works,” then the contracts would have was heading it was never going to get enough take-up been written to say, “Right, can you deliver this kind for it to be a large-scale disaster, so a disaster in the of capability and we will worry about the other things sense of lots of money was being spent with very little like online transactions at a later stage.” contribution, very little benefit to UK society, but not a disaster in the sense of it suddenly affects the lives Greg Mulholland: Do you think that that is the hub of the whole population, because I think only 13,000 of the problem, that the Government were set on citizens had signed up for cards to begin with. doing this and had lost sight of why it was doing this, I think one of the problems that the scheme was facing and therefore there were no firm policy objectives for was the fact that because there was no functionality IT solutions to fit? Because it is a little bit like the in the public documentation about how the identity war in Iraq: one minute it was about weapons of mass card or the token could be used for online destruction; the next minute it was about regime transactions, lots of people were pressing the IPS to change. Similarly ID Cards were supposed to be about say, “When are you going to be releasing the preventing terrorism, and that was blown out of the functionality? How can we start to integrate that with water when suddenly the 7/7 bombers all had our business services?” Because they wanted to get a perfectly valid British identities. Then it became about system that had some cards delivered—it said we will other things—benefit frauds—and in the end the start issuing cards by 2009—it seemed that the focus Government just became committed to it and was too was on getting some cards out into the greater embarrassed not to drop the programme. Is that not population, even though they actually had very little making it impossible for IT to deliver something when useful functionality. There was a focus on getting the stated policy objectives are not clear? That leads something done rather than actually delivering to the costly failure that you mentioned in your first something that would be of use to UK citizens. answer. Dr Whitley: Yes, so clearly the scope, or the espoused Q17 Greg Mulholland: I think that leads very nicely scope, of the scheme varied. I used to joke, “What on to the next point, which is do you think this whole day is it? It’s Tuesday. Oh, well, it is going to be about scheme was the wrong way round? It was, if you like, identity fraud or young people providing proof of putting the cart before the horse. It is an unusual age.” So having an unclear scope—and in the written policy idea in the sense that it has a technical IT evidence I submitted I showed how time and time solution in its very title. Do you think that rather than again there was independent advice saying you need suppliers proposing the best solutions to a stated to be very clear about what the scope is and you need policy objective, this was actually driven, in the end, to focus on your top priorities—in a political context by the desires of IT companies to get a scheme in where the opposition parties were trying to oppose there when the Government had frankly lost sight of the scheme, is an element of understandability of why cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 4 Public Administration Committee: Evidence
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Ministers would try, if they were being attacked on kind of functionality there are these other concerns, that front, to present it in that way. these other ways of implementing it. Be very clear There is a common response: “Well, let’s make sure about what you want to do and why you want to do it that the legislation specifies exactly what the scope that way. Do not think about your computer system in is,” but the Identity Cards Act had a clause that says terms of whirring tapes and flashing lights, but think “for the provision of better public services”, which is in terms of the capabilities.” so generic that just about anything would fit within that scope. So you need to get a balance between Q21 Chair: Do we still have whirring tapes? saying what you want the policy to achieve and then Professor Margetts, do you want to say something? writing it in legislation that provides an appropriate Professor Margetts: I was just going to say that those level of detail without being so general that anything would be useful things to think about in the context fits within the scope, and without being too specific of the Universal Credit, because there you have a that you get, “Build it around a central register; build major policy that will be very reliant on computer it around this kind of provision.” systems, and some of the systems that we talk about in the Digital Era Governance book, for example. Q18 Greg Mulholland: What do you think can be Obviously those systems should not drive the policy, learnt from Ministers’ handling of this, because but the policy is unimplementable without a viable throughout the passage of the Identity Card Bill, as system. It is extremely important, and it is something you are well aware, Government Ministers continually that would have to be prioritised in a policy. reassured Parliament that the lessons of previous Chair: But it is about the governance arrangements, failures had been learnt. The Strategic Action Plan which brings me to Mr Heyes. published in December 2006 made similar claims, saying the Government was taking an “incremental Q22 David Heyes: I am going to ask you about and pragmatic approach”; “We will keep risks and Government inviting procurement, and get the views costs down by using existing Government investment of all of the panel on it. Are the existing arrangements and delivering incrementally, based on extensive fit for purpose, really, is what I am saying. I have piloting and trialling.” That seems to bear very little reality to what happened, so were Ministers being less in mind things like the Gateway Reviews, the senior than honest, or did they frankly not have a clue what responsible owners system. Is that an adequate was going on? approach to governing IT procurement, and if it is not, Dr Whitley: I do not think I can comment on whether is there a better way of doing it? Ministers were being less than honest, but certainly I Professor Margetts: I will start and then hand it over. think one of the things that needs to change is a kind Chair: All of you. of more grown-up attitude to technology. So if a Professor Margetts: I think some good things have Minister says, “Well, we are doing this; we think this been done: for example, bringing OGC into the is the best solution, but we know that there are these Cabinet Office, I think that makes sense, and the size problems, and if these problems become far worse, of Gateway Reviews, before something needs a then we need to revise our plans.” I think it needs a Gateway Review, has been reduced, which is good more grown-up attitude amongst politicians in because sometimes things were not huge in contract general, to be able to say, “Fine, you have tried your value, but of great strategic importance, and they were hardest. We still disagree on it as a matter of principle too small to have a Gateway Review. So those things about this particular policy, but we are not just going are good, but I think the—sorry to keep coming back to point fingers and say, ‘You have changed your to this—big maintenance contracts do not really get mind, therefore you are completely incompetent.’” touched by Gateway Reviews. It needs something else to deal with some of those kinds of problems. Q19 Chair: The key is to separate the policy of ID Cards from the IT delivery, and they are not the same Q23 David Heyes: What would that be? thing, they never should have been the same thing, Professor Margetts: I think it is tax, welfare: those but because we have a dysfunctional system in this areas have got to be really tackled separately. Some country they become the same thing. of the plans for Universal Credit sound plausible: the Dr Whitley: They certainly became much more idea of locking down the legacy systems, accepting closely related, yes. that they are there, building an interface that will take data from those systems and will deliver what is Q20 Chair: The Prime Minister made a thing about needed. They sound okay, but it really means choose and book, and wanting a hospital appointment confronting these systems, of which there are several system. He had in his mind an IT system before the that were built in the 1970s—I wrote my PhD thesis policy had started. Isn’t that a problem? There need about one of them and I am very distressed to see they to be officials to tell Ministers, “Actually, let’s get this are still being used. It means tackling those problems. right. If you want a choose and book policy, let’s think It is not glamorous, and there are no flashing lights, about that separately from the system to deliver it.” and this is one of the reasons why it has not been Dr Whitley: I would expect and I would hope that tackled, but it will have to be when it comes to they are receiving that kind of advice. Whether they Universal Credit. are just receiving the “yes, it will work, you can go Dr Whitley: On the Gateway Reviews, yes, they are for it” advice, or whether they also have the dissenting being done. They need to be listened to. So doing a view that says, “Well actually, if you want to have this review and not changing behaviour sounds like— cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 5
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Q24 David Heyes: They are not publishing them. Q27 Charlie Elphicke: Are any of you aware of the Dr Whitley: Not publishing is a whole separate issue, IT and systems integration and planning related to and we have talked at length in our ID Cards work HM Revenue and Customs? about the fact that the Gateway Reviews were not Professor Margetts: Sorry, I do not— made public for many years. The senior responsible Charlie Elphicke: No, do not worry—another one of officer is an element of the broader procurement the Government’s IT disasters. What I am hearing activity, and clearly there is a need for expertise in from what you are saying is the Government, terms of procurement to be in-house, rather than just particularly the previous Government, was captured having some vendors come up and say, “This is a by eye-catching initiatives and “ping machines” of the fantastic solution. It will only cost you this much. Sign sort of Monty Python variety, without actually asking on the dotted line.” So getting that balance of the question: “What do we need and what do they expertise in-house to be an intelligent customer I think do?” First of all, is that fair? Secondly, what we do is very important. not need in the Cabinet Office is an outsourcing to a reviewer who does not know what they are meant to Dr Brown: I think definitely more openness, as the be reviewing. Do we need a director of IT strategy for Information Commission also has called for, is very the whole Government based in the Cabinet Office to important. I am very interested to see how the Cabinet clarify the strategic nature of what the Government Office’s gradual integration of privacy impact should be seeking? assessments into the Gateway Review system goes. I Chair: Or is that what the CIO is? think openness would help there to allow others to Professor Margetts: I think that is right, but now the assess whether that is making a difference, not least CIO has two jobs, for DWP and to be the CIO, and I because in other countries that have gone down that think that is a bit indicative of the priority that is given path, particularly Canada, what has been found in to the kind of role you suggest. reviews of how their systems work in practice is, well, yes they get done, but sometimes just as box-ticking Q28 Chair: So the CIO’s job needs to be split, and exercises, and if they are not listened to they have there needs to be a separate IT supremo in no impact. Government? There should be a permanent secretary That is also coming back to Mr Mulholland’s in charge of IT? It is a big programme, isn’t it? question: of course, if the aim of the policy in the first Professor Margetts: I think so; I think that would place is not clear, and the evidence that it might make sense, yes. Not a CIO who has actually got actually achieve those goals, that also makes it very two jobs. difficult then for Parliament and others to assess the human rights compatibility of the legislation. You can Q29 Chair: Do the other academic witnesses agree? only judge proportionality in a specific context, Dr Brown: Yes, that was something that we understanding what is trying to be achieved, what recommended in our Database State Report two years might be other ways you could achieve those goals, ago, that the CIO should become a permanent and if that is not clear up front then it is much harder secretary and should have that role. when you are debating legislation to decide what Professor Margetts: One thing I would like to say should be the limits that you put on the Government’s about HMRC— powers to gather data, to process, to share it and so on. Q30 Chair: Sorry, can I just ask Dr Whitley? Q25 David Heyes: So is there a better way? Dr Whitley: I think it needs that, but again you need Dr Brown: Unfortunately we are, to a large extent, to be very clear about what they are doing: they are stuck with the way we have right now. I do not see providing the high-level strategy and potentially how we could have a process of revolutionary change awareness gathering for all Government departments. that would move significantly away from that, but I You cannot expect that one person to also be doing think that some of the steps that Dr Whitley and the very detailed decision-making down for individual departments, so you need to be very clear about how Professor Margetts have mentioned to make that that permanent secretary level person filters in with system work better should be more aggressively the individual departments. pursued. Q31 Chair: Do you agree with this distinction made Q26 David Heyes: I think you mentioned the role of in the IfG Report about distinguishing between the Cabinet Office in this. Is that performing platform and agile, and that this director person should adequately? It is a very loose arrangement; they are be doing the platform part of it and not the agile part not imposing their will, it would seem to me. Is that of it? your view? Dr Whitley: I do not think they are quite making a Professor Margetts: It is difficult for the Cabinet distinction between platform and agile. Certainly the Office at the centre to really understand what is going platform level, the idea of specifying the services that on on the ground in the big departments, so the need to be provided, and in many cases that kind of Cabinet Office has a very clear role to play in service level is something that would apply delivering the solutions, like the G-Cloud, for lots of cross-Government. So yes, certainly the agile smaller departments and agencies. But when it comes development is a slightly different way of to the big processing departments, then perhaps a implementing system development. But certainly the different approach is needed. kind of platform level is definitely the way forward. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 6 Public Administration Committee: Evidence
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Professor Margetts: I just wanted to respond to this successful, and that is particularly the case for point about HMRC. I do not think, as Dr Whitley said privacy-type considerations. a little while ago, we should necessarily be blaming the computer services providers for this. Actually, Q35 Paul Flynn: You might have partially answered Capgemini’s share price went down when they won this in the previous questions you have had, but it has the HMRC contract, which says it all. come up so consistently in the evidence that one of HMRC took a decision a long time ago, in the early the problems that Governments have is this particular 1990s, to outsource everything—and I mean one of being driven by a political agenda, and in everything. All the expertise went over to the supplier, getting to a technological field that is rarely and a tiny proportion was spent on managing the understood by the people who are advising us. Is this contract compared with what the private sector would true? have done. We are seeing the consequences of that Dr Brown: I think that is a fair point, and as Dr now, and that is the problem that really needs to be Whitley said it has an impact not just on the success tackled. I do not think we should blame the computer or failure of the IT system itself but particularly the services industry with running off with HMRC tax privacy and security impact, because those are two systems. qualities of systems that are very hard to fix after the fact. They are things that you have to plan for Q32 Charlie Elphicke: I was not blaming the carefully right from the start of the policy computer services industry. The reason I ask it is last development process, rather than just hope you can week the Cabinet Secretary came here and said that leave it to more junior officials to fix at the end. when he was at the Treasury he designed the whole thing to do with the HMRC integration and thought it Q36 Paul Flynn: There seems to be another problem had been a huge success, and that is why I am asking with Government: there were a series of scandals what lessons we can learn, since he now is going to involving losses of data; there were no scandals about roll it across the whole of Government. anyone finding any data that actually did any harm, as Professor Margetts: At the time there was no far as I can recall, but huge excitement about losing technology expertise in the Treasury, and it was files. Is this a pressure that private companies do not regarded as a great thing because it was new and very have—and they probably cover it up if they have lost large, and we have got to move away from that. data anyway—and that increases caution in Government, which is damaging? Dr Brown: I think one significant difference is that Q33 Chair: Would you describe it as a great success? ultimately individuals have the choice, by and large, Professor Margetts: No. whether or not to deal with private companies; they Chair: Right, okay. Sotto voce. Mr Flynn? usually do not have a choice about dealing with the Government and providing information to Q34 Paul Flynn: Thank you very much. I shan’t be Government that is required by law, and therefore I tempted to go down the party political line that you think Government does have a greater duty for that indicated, except to quote the motto of the school in reason to look after and protect that data. my constituency, which is “Nid da lle gellir gwell”, Professor Margetts: Also, private sector companies which means “there is nothing so good that it cannot tend to know how important their data is, and I think be improved”, and that is our view when we come Government is not so good at that. here, not trapped in the silos of the triumphs and the Chair: We can come on to data privacy a bit later. failures of the health service, but simply seeking after Paul Flynn: Okay, thanks. the objective truth based on the evidence before us, Chair: We are moving on to the whole question of and part of that is the rather surprising view that has IT’s potential to transform public services. come from the Open Rights Group, Sirius and a group called ThinkGov, who said, surprisingly, “There are Q37 Lindsay Roy: There is a huge expectation still very few information technology failures, but plenty that IT has a potential to transform public services. of examples where a public sector business change What criteria have Government departments used to project using IT has been mismanaged.” The theme design their systems, and have they got the focus from these groups is that it was not a question of wrong? abject failure; it was a question of the IT being Professor Margetts: I think Government departments introduced as an afterthought: management decisions have been very slow to pick up on the possibilities of are taken by Government in an often confused way, the internet and web-based technologies for and they look at the IT as some of the bells and transforming services. That is ironic, because there are whistles that they hang on afterwards. Is this a fair far more possibilities there for innovation and actual criticism? transformation than there were in the great big Dr Whitley: I think you would have to look at specific administrative processing systems of the ’80s and cases, but certainly there is a real risk that—if you flip early ’90s. So yes, and I would say that those kind of the question around—if technology and thinking newer technologies, social media and so on, should about implementation issues is not there early on in very much be at the heart of initiatives like the Big the policymaking process, not necessarily to say, “We Society and things like that, and they tend not to be. have got this technology functionality. What problems can it solve?” But if you bolt on technology Q38 Lindsay Roy: Have they focused enough on the considerations then you are not likely to be very needs of the consumer? cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 7
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Professor Margetts: They are not focused enough on to, and systems that do not give perfect information, what citizens and consumers are actually doing. That they just give an idea; they give you an idea of what is the one thing that the internet has done: it has is happening. allowed companies to know, to understand their Those kind of systems could be incredibly valuable in customers and be able to treat them accordingly, and picking up major problems in the public sector with I think Government has not taken that capability of hospitals, for example, or local government offices: the internet, and there is a lot of possibility there. picking up problems, indicating what people are feeling about services and using information, free Q39 Lindsay Roy: So would you say it has been information that citizens are ready to provide on social more designed to meet departmental perception of media, and Government is very uncomfortable with need? that idea. Okay, in NHS Choices, for example, there Professor Margetts: Yes, in a very narrow way, to is the possibility that people rank their healthcare engage with citizens exactly the same as it has always provider, but it should be the main part of the system, done, and to use technology in a very limited way, not buried after six clicks, by which time most people rather than thinking about how technology could be have given up. I think there is an understandable, but used to enhance people’s ability to solve their own overcomeable, resistance in Government to that kind problems, to pay their taxes on time, to maximise their of facility—of using just part-authenticated health and things like that. information.
Q40 Chair: This all seems so obvious. What is the Q44 Robert Halfon: But, for example, you problem? Why can’t they get their brains round it? mentioned the hospitals. At the moment you have Professor Margetts: You have got to remember that a league tables that Government set; they set the lot of people within Government departments could criteria. Why can’t the people who use the hospitals not even see their own website, their department’s set the criteria themselves via the internet and assess own website, while they were at work until well into whether or not they think the hospitals are any good, the 2000s. Contracts were signed in the late 1990s for and why can’t Wikipedia-type Government, rather computers that did not have internet access. So there than encyclopaedia-type government, reflect those is no culture of innovating with technology. I think kind of things, to give people real say-so through the there are a lot of understandable cultural barriers internet—real power, in essence. within Government that are actually perhaps worse in Professor Margetts: Yes, and that is perfectly this country than— possible, and there have been a number of quite successful social enterprise applications that allow Q41 Chair: Are you seriously saying there are people to rank hospitals and rank healthcare provision, people sitting at desks in Whitehall now— and that facility is available on NHS Choices—one of Professor Margetts: Not now, but until distressingly the most expensive websites in the world. recently. Chair: Just because Professor Helen Margetts is sitting in the middle it does not mean that she needs Q42 Chair: Until when? to answer all the questions. Professor Margetts: In the early 2000s, mid-2000s Professor Margetts: Sorry. even, there were people in very large Government Dr Whitley: Just on that, one of the things that departments that did not have internet access at potentially would emerge from that is, if the criteria work—could only see their departmental website by which the citizens assess a local hospital—what when they went home. they think are the things that the hospital should be providing—are very different to what the NHS Q43 Robert Halfon: If I can come in on what Mr managers, or whatever, have decided, then that gives Roy and the Chair were saying, I have argued in the a real opportunity for the transformation of public previous sessions that Governments have opened up services type question that— the internet, putting loads of information on there, which is good, but that is like the internet was five years ago, and that all it is is an encyclopaedia of Q45 Robert Halfon: Exactly, and schools and information, and that the Government should actually transport, and where buses should go, and so on, be Wikipedia rather than encyclopaedia, so the people because that is all decided from the centre. have interaction with that information and can actually Dr Whitley: There is always a risk that you only get make a difference via the internet and how they do it, the really enthusiastic people or whatever, but it is an which is what you were just saying. Do you agree extra data point that will have some benefit, but I with me, and if so, how could that be done? would not say it is the only way. Professor Margetts: I do absolutely agree with you, Robert Halfon: But which is better: enthusiastic and I have been saying that for ages too. One of the people, or just being decided from the centre? barriers to that that needs tackling is Government is Chair: We need to move on. very uneasy with any sort of part-authenticated information. Government officials, Government Q46 Lindsay Roy: How can Government promote agencies like information to be perfect, and a lot of consistently that kind of cultural change that is the benefits of those kind of technologies come from desired? things like—I do not know—rating systems and Professor Margetts: Can I…? recommender systems, which we are very accustomed Lindsay Roy: Any of you. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 8 Public Administration Committee: Evidence
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Chair: The other two are so shy that you had better Q52 Kelvin Hopkins: Perhaps I can draw together carry on. one or two of the themes that emerged in earlier Professor Margetts: Well, I think relaxing a bit, and questions and bring them together. You talked about actually recognising that there are all sorts of the need to be an intelligent customer: the fact that information out there that people will freely give and Government cannot handle the contractors, the big there is work they will freely do. We are all managing companies, because they have not got the skills our own banking these days: anyone who uses internet in-house means they cannot advise what potential banking manages their own banking, taking loads of there is in using IT skills throughout Government. burdens off banks, and people would be willing to do Doesn’t that shriek that we need not just a permanent the same for Government, and it is recognising and secretary but real big in-house potential and a skill capitalising on that. facility that could advise on all of these things and really be influential, and could make sure that Q47 Lindsay Roy: Critical to this is leadership. contractors are kept in order, that all Government Professor Margetts: I do not know if it is leadership. departments are up to date and running properly? Dr Whitley: I think it is leadership once the general Doesn’t it really need a big, in-house, powerful opinions, general issues are raised. facility? Professor Margetts: I think we need more in-house Q48 Lindsay Roy: And leadership at devolved levels than we have got at the moment, and if you look at as well: I am not just talking about a single individual successful Governments that is what they do. In or a small group—a small elite. Canada, for example, there is a big expertise within Professor Margetts: It is more about providing some the Government that can step in if something goes kind of framework, facility, application or platform, disastrously wrong, but can also oversee the contracts. and then allowing citizens to get on with it. It is not all about keeping the contract to the letter and keeping the contract price down; it is also about Q49 Chair: But isn’t it about re-orienting the whole cooperating and innovating, and having a more of Government, and saying, “These information blurred boundary between the contractor and systems are not for Ministers and officials; they are Government. Government finds that difficult in a way actually to serve the public”? Don’t banks do that that the private sector does not; they are used to those kinds of relationships, and Government finds it much rather better than Governments? more difficult. But yes, you can only get that by Professor Margetts: Banks have got their own recognising the need for expertise inside, and not problems. saying, “Oh well, we are contracting it, so we do not Dr Whitley: But certainly, yes, a clearer link to what need to know anything about it.” the customer wants, and, as Ian was saying, with the Dr Whitley: There is a real risk that the outsourcing opportunity to change banks, to change supermarkets industry within the private industry has recognised. or whatever if you do not find the level of service that Yes, you can outsource and squeeze down costs, and you are receiving sufficient. Certainly it is a strong that is kind of great because you cut down your costs, driver. but you do not do very much beyond that: you cannot innovate. If you want to innovate with your Q50 Charlie Elphicke: Is it fair to sum up the outsourcing partners you have to have a very different problems in this latest round of questions by saying relationship with them. that what we have is a situation of what you might call So you certainly have to have—I hesitate to say big— mainframe Government in a wireless, laptop world? certainly a significant capability in-house, and a very Robert Halfon: Or IBM Government in a Linux different attitude to managing that relationship that world. says, “This is a collaborative arrangement and it needs Charlie Elphicke: Indeed. Mr Halfon’s more modern flexibility on both sides,” rather than, “This is what than I am; he is much more modern than I am we have screwed down the costs on, and then, when Chair: Dr Brown? you come back and say, ‘This was not in the initial Dr Brown: Yes. contract,’ we are sticking with the contract so we will Chair: Yes; okay. now charge you an awful lot of money. Oh, you need Professor Margetts: Yes. internet access, you need internet capabilities. That is extra to what we had initially agreed, and because we Q51 Chair: Moving on to the skills that Government are sticking with our contract because you have forced has or lacks, it seems to me that this is very simply a down the price on contracts that is going to be the skills question, isn’t it? basis of our relationship.” Dr Whitley: There is certainly an element of retention Kelvin Hopkins: You need the top cutting edge skills of skills, and also the relationship between the skill in-house as well as out of house to deal with it. set of the technology role and the organisation more Professor Margetts: To manage those relationships. generally, so in many organisations, the CIO might sit on the council, but ultimately it is the chief executive Q53 Kelvin Hopkins: Another sphere I am very who will take the final decision. So in that sense I do familiar with is—I won’t mention particularly what it not think Government is that different to commercial is—where the contractors have all the power, they do organisations. We are not advocating that chief a job. When it is not done right then the client comes information officers should be driving everything, but along and says it is not right, the contractors say, certainly they should be having a stronger voice. “Well, we will do it again for you, but pay us more cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 9
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown money,” and they get paid twice for doing the same Commissioner not to take stronger enforcement action job because it was not done right first time. If you can against Google as a result of that. make sure at the beginning that it is right you save a lot of money and get the right job done as well. Just Q58 Robert Halfon: What do you think the one last question, in the late 1980s, the Conservative Information Commissioner should have done? Government—and I do not blame the Conservatives Dr Brown: If you look at what path other regulators any more than I do New Labour, because they were have taken in Europe, for example, they opened all about contracting out everything—started winding serious investigations of the company, whereas the down the Central Computer and Telecommunications ICO seemed to be satisfied with Google signing an Agency, CCTA. This could have been built up, but undertaking saying, “Oops, we won’t do it again.” was wound down, and might have been a basis for what we think we need now. Is that right? Q59 Robert Halfon: And when you speak to the Professor Margetts: Well, the CCTA, yes, it was in ICO, they say they did not have the powers to do the Treasury, and then it was in the Cabinet Office, those investigations. What is your view about that? and it has changed. If you look at Governments that Dr Brown: I am not sure that that was the case at the are managing better in this area than the UK, it is not time. I think the ICO interpret their powers and their a matter of central agency control and coordination. duties under the Data Protection Act very cautiously The CCTA used to own all the computers in and conservatively. Government, and I do not think that really is the way Dr Whitley: There is also an interesting angle of IT forward, and I do not think any of us would think that. oversight that seems to have been missing in that particular case, because you would have thought that Q54 Kelvin Hopkins: It is the skills that are somebody would have noticed that they were running important. code that potentially could mess up your entire Street Professor Margetts: It is the skills that are View capture because it was collecting something that important, yes. was corrupting, the fact that your hard disks were filling up far faster than you were expecting, that fact that somebody had actually screwed on and connected Q55 Kelvin Hopkins: So how would you go about up a Wi-Fi receiver: somebody else should have regaining those lost skills? What would you suggest? noticed, there should have been proper IT oversight. Dr Whitley: I think we have an interesting opportunity at the moment, given market conditions in the IT Q60 Robert Halfon: It was not just the Wi-Fi data; industry, that there are potentially a lot of skilled it was the emails and the passwords. individuals who are open to new job opportunities. I Dr Whitley: Yes, but the fact that you have a think there is a risk that, once they move from the technological device that you have attached—these do private sector into Government, they might find not appear on the cars but are physically attached— themselves incredibly frustrated by the inability to there should have been oversight of that, and the drive through the kinds of change and the kinds of oversight mechanisms that should have checked that best practice that they have been used to doing. the code was only doing what it was supposed to do, Obtaining the skills is perhaps not as much of an issue that you had not screwed anything else on to the car, in this current employment scenario as retaining the etc, did seem surprising in its absence. skills, but that is a whole separate… Q61 Robert Halfon: Do all three of you think the Q56 Kelvin Hopkins: You have got to have Information Commissioner was lacking and should politicians who are comfortable with all of this, and have done more in this particular case? you have got to have senior officials that are Dr Brown: Yes. comfortable with all of this as well to give them their Dr Whitley: Yes. head and let them do the job. Dr Whitley: Yes. Q62 Robert Halfon: And do you think there should be more done on personal privacy and data privacy? I Q57 Robert Halfon: You mentioned when you were am going to come on to the governance side in a answering Mr Flynn earlier that there was a difference second. between private companies and the state in terms of Dr Brown: In general one problem with the system data privacy, because people had a choice with private we have right now is that the Information companies. In theory that is true, but given that most Commissioner, in his data protection role, focuses people are connected to companies like Google and very much on data protection as it is defined by the Facebook, and when those companies harvest people’s Data Protection Act, which is not the same thing as Wi-Fi details and personal emails—as has happened privacy. It is not taking wider questions of human in recent times—is there really any difference, in rights into account, for example. reality, between private companies and the state? Isn’t there a privatised surveillance society as well as a Q63 Chair: Does this have a bearing on Government public surveillance society? IT, in that some of the evidence we are receiving Dr Brown: Yes, I certainly would not say that privacy suggests that the Government should be trusting is not important in the private sector, and in the Government-owned data, or people’s personal data, specific example you gave of the Google Wi-Fi Street much more to private-sector providers like Google View cars, I think it was a mistake of the Information and so on, but with these problems about data privacy cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 10 Public Administration Committee: Evidence
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown and the private sector, is that an impediment on the Q67 Robert Halfon: Does the Government need to Government doing that, do you think? keep as much data as it does, and if so, how can it Professor Margetts: It needs to retain some sort of make it more secure? control over the data. If you think about— Dr Brown: No it does not, and I think that is one of the most significant things that Parliament and others Q64 Chair: More than individuals have when we put could do moving forward: make sure that Government our data on to servers in the private sector? is not gathering excess quantities of data, not taking Professor Margetts: Yes, because it is our data, so, an attitude, which seems to be prevalent so far, of, precisely. “We want this data, you will just have to trust us—we will put adequate security measures in place”; it is a really critical part of the data protection regime that Q65 Robert Halfon: If we are to pass our data, if we you only collect the personal data you need to do a do have companies like Google running our data and specific job. You do not just say: “Hand it over and doing things—which I am not opposed to, by the we will decide later; we want the flexibility to do other way—should there be, in order to safeguard our data things with the data.” privacy, an internet bill of rights that sets out intellectual property and how our data is used and so Q68 Robert Halfon: But why does it not need to on? collect so much data? I agree with you, but can you Dr Brown: I think that would be one way of just set out why? approaching it. A parallel way of approaching it Dr Whitley: One way of looking at that is in terms of would be using opportunities, as we have at the the big question about what the system is trying to moment, for example, as the European Commission is do, and the associated concerns about data quality. If reviewing the operation of the Data Protection someone has designed a system for unemployment Directive, to say, “How can we make that more benefits that has a process that requires you to fill out effective? How can we better protect individuals’ three screens of data, most of which is not particularly privacy in relation with private companies and relevant, and if you cannot get to the end of the Governments?” process without entering data into the data fields, then Dr Whitley: A very academic answer: I am involved you are going to generate low-quality data, because in a research project that is looking at ways of someone just types rubbish into the fields because you enhancing how users get more control over have to in order to undertake the transaction. Then the management of their data, and one of the issues that risk is that if the Government is holding that poor we have been exploring is whether property is the best quality data and potentially taking decisions, all of the way of understanding your relationship with data, and recipients seem to have their date of birth as being are there alternative mechanisms—for example, April Fools’ Day, because they needed a date so they contractual relationships—that might provide the entered April the 1st. same kinds of support and guarantees, without Again, it is that bigger picture: if you have not really necessarily going down property, because property has thought about what you are trying to do, what data its own particular challenges. you actually need to perform that transaction, then you build a system that requires lots of data collection just in case, because it might be helpful, with no Q66 Robert Halfon: Yes, just two questions, if I mechanisms for checking that the data is of the right may. One of the reasons why I asked my question was quality, or costly processes for double checking that that I wanted to know if the Government were any the data is the right quality, when actually all you need worse than the private sector in this, given all the to know is the National Insurance Number, and that Government data scandals there have been and the the National Insurance Number matches other records HMRC mislaying data and so on, and given the that we have, or whatever it might be. Google issue and the scraping and all this stuff that has come out in recent months. Q69 Charlie Elphicke: Very briefly, I am very Dr Brown: It is impossible to know, because at the concerned by what you are saying, because the moment there is no requirement on the private sector Information Commissioner has a role with regard to to report data breaches, although that is being the private sector and also the public sector, and what discussed in the review of the Data Protection I hear—confirm if I am right or wrong—is we have Directive, and I think that would be a positive step equipment screwed on top of a car and codes to collect forward. Of course Government usually has this sort of data. It seems to me it is very clearly an significantly greater risks than most private sector organised, premeditated theft of data, invasion of organisations, in that they have forced individuals to people’s privacy, and it sounds to me like you are pass their data over to Government, and often they saying the Information Commissioner turned a blind have very large quantities of it. eye. Is that correct? Dr Whitley: And the flipside of course is also, Dr Whitley: I won’t use words like “organised” and following the HMRC data breach, that the “theft”, but it certainly would be an intentional Government has rolled out procedures and guidance activity. It did not happen by accident; someone chose and training for all staff to go through to appreciate to do that. that, which is a very visible response that might not necessarily have rolled out in the same kind of way in Q70 Robert Halfon: Google say it happened by the private sector. accident. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 11
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Dr Whitley: You do not screw a device on to the top Q76 Chair: I am going to move on—I must move of a car by accident; somebody did it, and in any on. Before we close this session, you have been quality process somebody should have checked what extremely helpful to us, but it all seems very that was, why it was going on , and why they were complicated and quite obscure, and anybody watching collecting more data than they thought. “We have this session I think will find it quite difficult to make gone down a street and we expected this much data sense of everything that we have asked about and from the photographic images; we seem to have more everything you have told us. But it seems to me that data—what is it and what is going on?” the fundamental thing is that there is scope for central Government and a centre in Government to define Q71 Robert Halfon: Do you think the Street View how IT projects are taken forward, and to require by itself was an infringement? Forgetting about the some definition about purpose and scope of IT Wi-Fi codes and the emails, do you think taking projects before they are approved. Do you see this pictures of people’s houses and putting them on the happening yet? Professor Margetts: internet is an infringement of personal data? Well— Chair: Let’s start with Dr Brown. Dr Whitley: I have opted out, so you cannot find a Dr Brown: Not yet strongly enough; we shall see if photo of my front door. I have clicked the link to take things change as we go forward, but I would add to my front door off Google Street View. what you said: Parliament has a role to ensure that it happens in not passing Acts and funding projects that Q72 Robert Halfon: Do you think people should do not meet these kinds of tests. have an opt-in rather than opt-out? That is the crucial thing. Q77 Chair: Could each of you just recap with a Dr Brown: I do in that situation, yes. fundamental recommendation you think we should include in our Report to help this happen, or Q73 Robert Halfon: And is that the same with you? anything else? Professor Margetts: I leave it to the privacy experts. Dr Whitley: On the earlier question, I think the third Dr Whitley: I am slightly inconsistent on opt-ins and one that you mentioned previously but did not opt-outs. So, in that case an opt-in, but in terms of mention in that version of the question was the role kidney donors and organ donation, I would prefer an of standards and interoperability capability, rather than opt-out. saying, “We want this email system; we want this kind of functionality; we want this level of service; we Q74 Robert Halfon: And that principle should link want this kind of security; this kind of in to Government data. This is the problem with the interoperability.” I think potentially that is one of the ID Cards: the Government just taking all your data, interesting elements of the Government Cloud, in that and that is why they want it—to have as much data it is not just about consolidating servers and putting computer systems together but is also about the as possible. You should be able to opt-in to how much possibility of saying, “Actually, Government as a data you give the Government, rather than the other whole requires these kinds of services, and we can way round. Unless you break the law, but that is have a market of service providers that can offer this separate. service requirement,” rather than, “It has to be this Dr Brown: And I think that is an important principle, particular package and this particular functionality.” actually, that whenever Government claims they are Recommendation: as the evidence has made very doing something for the good of the citizen and the clear, managing and implementing IT is a very citizen should be glad this is happening, well, it difficult— should be the choice of the citizen to take up or not take up that service. That is the best test of whether it Q78 Chair: What is the recommendation? We know really is for the good of the citizen. it is difficult. Charlie Elphicke: Did the Information Dr Whitley: It is kind of a meta one: there is not going Commissioner fail in his duties in turning a blind eye to be a simple solution, you are not going to be able and fall down on responsibilities that he should have to say— been upholding and maintaining in relation to this matter of Google? Q79 Chair: Okay, but what is the recommendation? Dr Whitley: Ian has followed it more closely. Dr Whitley: Let me come back to that. Dr Brown: I think the current Commissioner and the Professor Margetts: Prioritisation: I think lots of what previous Commissioner had a much more we have been saying is that okay, these issues are self-regulatory position than all of the other difficult, but I do not think you should make it sound Commissioners in Europe, and I think this case shows too terrible. They are just really important, and that why that is not always the right path to take. when any policy change is being considered, or any policy innovation, these things have to be at the heart Q75 Paul Flynn: The view, Dr Whitley, of your front of it. They are not completely policy-neutral; door is something that can be recorded by a passerby. important policies and ideas and exciting things What is the point in opting out? What is so shameful cannot get implemented without them. about your front door? Robert Halfon: Because the passerby cannot go Q80 Chair: So every time policy changes, some round every house in the country, that is why. steps to go through to audit IT consequences. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 12 Public Administration Committee: Evidence
8 March 2011 Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown
Professor Margetts: Yes, in many countries that able to give Parliament a reasoned opinion on happens. You cannot propose any sort of policy legislation that significantly impacts on privacy, and I change without considering the information systems think Parliament should really make use of that and implication. be much more careful about the powers they give Government in future in the area of collecting and Q81 Chair: Dr Brown, the last word. sharing personal data. Dr Brown: On privacy, which is my particular area of Chair: Thank you very much indeed for those last expertise, I would strongly support the proposals of points. They have been very helpful. the Information Commissioner’s Office that they are
Examination of Witnesses
Witnesses: Professor Nigel Shadbolt, University of Southampton, and Sir Ian Magee, Institute for Government, gave evidence.
Q82 Chair: Two very different witnesses. Thank you people, processes, systems and policy all at once you for joining us today. Could you each identify are pretty much on track for a train crash somewhere yourselves for the record, please? along the line. I think that has been brought out in the Professor Shadbolt: Professor Nigel Shadbolt, PAC and other reports. The imperative on my University of Southampton. colleagues was “find some technology to support Sir Ian Magee: I am Ian Magee, Senior Fellow with this”. Because we would not have been able to build the Institute for Government. it fast enough, we scoured the world to try and find something and we bolted a system on. Q83 Chair: We are particularly interested in your experience in Government. Given your experience of Q85 Chair: But wouldn’t it have been better to just working in projects inside Government, why do you give everyone a spreadsheet with a model on the think IT policy is so poorly coordinated? spreadsheet of how where to put the numbers in and Sir Ian Magee: You could say better one sinner who that could tumble the numbers, rather than do a great repenteth. The jobs I did in Government that are most mainframe system, with churning out letters. Wouldn’t relevant to this, and indeed to some of the things we you have learnt from that system that actually the have spoken about in the report, would be in what modular approach or the agile approach would have would now be described as the CIO of the then been a much better approach? Department of Social Security for five and a half years Sir Ian Magee: Absolutely, but we are talking 1993 in the mid 1990s, but also all of the leadership jobs now, and the awareness of those sort of things was that you do in Government, where you have to have not necessarily around. an idea as to how IT can improve the business. Why are things different now? Well, I think two Q86 Chair: I was on the Social Security Select overwhelming reasons, and we bring this out in the Committee at the time and I asked the same question report. The first is that technology moves at an then: it seemed common sense. increasingly quick pace, so Government, it seems to Sir Ian Magee: Absolutely, I am not saying that you us, just as the private sector, has to be in the position could necessarily have done it on a spreadsheet. We to be able to respond to that for the good of citizens. would not have had the users who would have been This is not putting IT in a box, and there are able to do that at the time, necessarily. But as I sometimes some shades of that. The second is that we emphasised, the technology was just one part of the live, as was very clear in the previous witness session, problem of the whole setting up of the Child Support in a world that is complex, we live in a world that is Agency, as you will remember from your experience. very fast moving, we live in a world where people understandably want to make changes quite rapidly, and the model, as we have again argued in the report, Q87 Chair: What has frustrated you the most about for implementing Government IT—certainly as far as the way that the Government continues to handle the applications are concerned—does not necessarily ICT issues? allow that to happen. Sir Ian Magee: I think the need to move quickly to a different world, of the sort that we emphasise in the Q84 Chair: In your experience of Government, can report, has not happened sufficiently quickly in you tell us about any particular projects that you Government. oversaw? Did you do the Transport Agency computer system? Q88 Chair: This report, just for the record, is System Sir Ian Magee: I came to the Information Technology Error: Fixing the Flaws in Government IT, published Service Agency in March 1993. We had just procured by the Institute for Government. a system for the Child Support Agency from Florida Sir Ian Magee: Indeed, it is that one. It has not moved in the States. There was a lot that was wrong—and sufficiently quickly to embrace some of the principles again it goes to the heart of some of the things we are behind that, to engage beyond the IT community to saying in the report—with the formation of the Child make sure that there is a proper understanding of, at Support Agency in the first place. If you change all stages, what the policy intent behind something is cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 13
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee and then seeing that that gets implemented. We examples of duplication—common standards being mention in that report that, for example, it takes, under applied to ensure interoperability between systems. the current way of doing things, something like an average of 77 weeks to get to a procurement—a big Q92 Chair: So is that just about interfaces? procurement for Government IT. I think we describe Sir Ian Magee: No, it is not just about interfaces; it that as glacial in this day and age. Professor Shadbolt is about a whole approach that says, “Commoditise would make that point himself, I am sure. Technology what you can commoditise, but apply your buying is changing just at such a rapid rate that by 77 weeks power where you can apply your buying power; get you might have thought of different ways forward and better value for money as a result of doing that.” If different solutions. you have got an expert in a department who has That is one of the things that frustrates me. One of the shown something works, do not try to reinvent that in things that did frustrate me was the apparent a different agency or a different department: build on inability—and this applies throughout my career—of what is there. agencies to subordinate—and indeed Government Departments—their narrow interest to the wider good. Q93 Chair: And that is platform? Sir Ian Magee: That is platform. Q89 Chair: That sounds like a motherhood and apple pie point. How does that operate in Government, and Q94 Chair: What do we mean by agile? how would you suggest that the Government Sir Ian Magee: Agile: we are not describing a specific addresses that problem? It is very easy to say that software approach that is known as agile development departmental agendas overrule the national interest, here; we are talking about an approach generally. The but what is needed to change that? key elements to agile, as we say, is flexibility, Sir Ian Magee: It is about a very partial view about responsiveness to change, the opportunity to bring accountabilities, for perhaps good reasons, in an innovation into Government systems, taking a individual department where the accountability is to different approach to business challenges, so that you the Secretary of State and the permanent secretary’s actually build iteratively so that you can discard that accountabilities are pretty well defined, but which does not work and concentrate on that which sometimes—as you well know, because you see this does work. all the time, and if you can show me people who have cracked this, then I would be very happy to speak with Q95 Chair: Give an example, to give life and them and learn from them—you need to be able to meaning to this, so that we could perhaps use an communicate laterally and to do things together and example in our Report. collaboratively, but it has not happened often enough. Sir Ian Magee: There are 11 case studies in annex C of the report that have got lots of examples in them. I Q90 Chair: But it has not actually got to be led from obviously will not go into all of them now, but some a centre, from somebody, for example, in the Cabinet companies with whom we have spoken have been Office, to separate the decisions about means, which happy for their names to be quoted, so I will is what ICT is about, rather than ends, which is what mentioned one that was. Centrica said that by policy is about. adopting an agile approach they have improved their Sir Ian Magee: I agree with that general premise, and approach to this as far as cost is concerned by a factor indeed in the System Error report we have said that of 20. We observed and worked with a project there is an independent role that the Government’s between the Metropolitan Police and the Home Office CIO should perform in that respect, particularly in that took an agile approach, which was about fraud making sure—I mean, do not waste a good crisis. We and identity, and the quotes from the people who were have a perfect opportunity to do something about this involved in that make it clear: a) how enthused they at the moment, because the imperative is on were about it; and b) how they had made significantly Government departments to make the most of their more progress in the course of just a few weeks than resource. We have suggested, as you know, a twin they had been able to do for a long time hitherto. approach—platform and agile. Platform essentially means commoditise where you can commoditise, and Q96 Chair: The usefulness of this case study is they bring Government’s spending power to bear in a way ran the projects on agile principles alongside the that has happened only in part so far. traditional method—what you call the waterfall method. Q91 Chair: Right, I am going to jump ahead here, Sir Ian Magee: This was specifically an agile because there is a set of questions we have here that approach, but they might have run a waterfall we want to ask about platform and agile, and we will method in— do that now, because I think it is so important. Can Chair: In parallel. you explain what you mean by platform and agile? Sir Ian Magee: Yes. Sir Ian Magee: I will try and keep this very simple. As far as platform is concerned, a shared, Q97 Chair: I am going to exercise Chairman’s Government-wide approach to simplifying common prerogative again. What are the drawbacks of agile elements across departments. So, for example, bulk- and platform, and what are the pitfalls? I mean, why buying of IT goods, and indeed services, reducing is every permanent secretary in Whitehall going to duplication across departments—and there have been say, “Oh no, we cannot possibly do it like that?” cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 14 Public Administration Committee: Evidence
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee
Sir Ian Magee: I think that its implementation will Government, the data.gov.uk site, which is a site require care for that very reason. If you try something where all of the Government’s non-personal public out in an area where it is not necessarily suitable— data is being catalogued, and that work has continued because we are certainly not saying in the Report that apace under the Coalition Government too, and partly agile is always suitable—then you might run into that because we did not know what we could not do or risk and then you will get people being dismissive of should not do, we simply went in. We had very little what is a perfectly good and legitimate approach. But resource, but we did have a small group and we drawbacks: cultural issues; this is not straightforward; specified Open Source software. people are used to a sequential, structured, slow The reason for that was of course it was not going to approach; slow decision-making; the need for cost us anything, but more importantly it was not rung consensus. about with licences for reuse, but also, one particular piece of software we used was at the base of Q98 Chair: So it is going to feel like chaos? Wikipedia, and we knew, therefore, that it had been Sir Ian Magee: It could feel a bit chaotic as they go subject to the most massive range of collective attacks along, but the evidence that we have produced in our and subversion that you could imagine. So it had been report suggests that people get to a better result as a improved and hardened by a large community effort. result of doing this. Governance: you talked about the That is not something you can get with a single OGC to the previous witnesses and about the Gateway supplier perspective. So Open Source software has a Reviews. It is not immediately clear how Gateway number of merits: it is cheap, it can be easily licensed, Reviews could be applied to this methodology, and and it can be subject to large-scale collective Government would have to come up with something improvement, and we think those are really strong very different. reasons why people should be looking at Open Source solutions. Q99 Chair: Are Gateway Reviews old-think? The other element of that is Open Standards, and Sir Ian Magee: Gateway Reviews might be perfectly much of this relates to why the web has succeeded as appropriate for a waterfall approach, but they would the most successful information structure in history, not be appropriate for an agile approach. because that is at the heart of the web. It really took off because many of the original software elements Q100 Chair: Because you have got to let it happen? were Open Source, but they conformed to basic Sir Ian Magee: Because you have got to let it happen. standards about how machines would talk to one another, how they would work out how to exchange Q101 Chair: There is going to be lots of resistance content and, indeed, how that content itself was to be to this in Whitehall, isn’t there? They must hate you? expressed. It was not proprietorial, it was not a Sir Ian Magee: Well actually, at the launch of the Microsoft product, it was not a CISCO product—it report last week, where I did a piece explaining what was open and the standards are developed in an open it was all about, we had Ian Watmore, who is the forum. Government’s Chief Operating Officer, responding to that, and in the room a number of people, both from Q103 Chair: Thank you Professor Shadbolt. Isn’t it within Government and outside Government, largely the case that the first Open Source policy was adopted from the IT community, and the atmosphere was very by the Government way back in 2002, and since that supportive. Nigel was there; he can probably speak time all we have seen is the senior echelons of the for how he found the atmosphere. We felt that we Civil Service consorting with IT fat cats, rather than were potentially pushing at the same door here, and actually making use of Open Source and value for that something different has to happen. The solutions money. Do you think more could be done on that, and of the 1980s cannot be appropriate for 2013. It is a why has it not been done already? Why did that not long time. It is 13, 14 years since I ran the IT happen previous to now? organisation. A lot has moved on since then. Professor Shadbolt: There is the challenge, and it Chair: Forgive me, I hope the Committee will forgive relates back to the whole issue about how we procure, me, but I think it is appropriate to come to Professor how we get a mixed ecology of providers, from SMEs Shadbolt and the questions we have for him on Open through to larger organisations, and indeed, in the Source and Open Standards. open data world in which I am working at the moment, advising Government, there is an entire Q102 Charlie Elphicke: Thank you. Professor community who you would not even describe as Shadbolt, we heard from our previous witnesses that SMEs—they are activists. They are people who care in effect there is an IBM view in the Civil Service in about integrating data and about providing a Linux world. applications. The challenge there is how you let them Chair: We heard that from us, actually. into the process at all, and how we enable the broader Charlie Elphicke: Yes, but they agree, they broadly community to be built, and for Government officials agreed—that was broadly the thrust of where things to listen to it, and I think there are some quite were going. Do you see it that way as well, and what promising experiments in that area. I think could be achieved out of making greater use from Governments now regularly hold hack days, they Open Source? regularly include people in to try and explore what Professor Shadbolt: Yes, we have direct experience, they can do with the data, which would have in fact, because Tim Berners-Lee and I were involved previously been procured at large expense very in setting up what was an agile project within slowly. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 15
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee
Q104 Robert Halfon: Do think that the big IT that has been tested out in a number of different companies have become too cosy in their relationship environments. with Government? Does Government have the skills? It appears to have Professor Shadbolt: I think because of the various the appetite at the moment to do it, which is very rules in place, it is very hard for anybody else to get different from the skills question that you asked. It to the table. will take a very different approach to make agile successful. The good news is that there are some Q105 Chair: But the system mitigates in favour of people around, and again we quote a case study from the big providers, doesn’t it? an unnamed Government agency, where they have Professor Shadbolt: That is right. I think it is as introduced an agile approach, they have saved money simple as that. in doing so and it appears to be the right way for them to go. If people can celebrate that sort of success Q106 Charlie Elphicke: That is because of gold around Government, then we have an opportunity to plating. No other EU country has this problem; it is show that this is a better way. our Civil Service, our gold plating and our IT fat cats. Chair: But is it just— Q111 Chair: Sir Ian, you say in particular in annex Professor Shadbolt: Actually it turns out that all B of your report that EU procurement law is often European countries have a serious problem with seen as a barrier to procuring agile projects. Can you opening up Open Source efforts. It is not just a UK elaborate on that? Is that what you believe? problem. Sir Ian Magee: If it is in the report, I believe it. I think it is two things: it is first of all not necessarily Q107 Chair: But is it a regulatory problem or is it a the underpinning procurement law, as it were; it is cultural problem? how we choose to interpret that in the UK that is a Professor Shadbolt: Both, and I think we have to look much more contributory factor. For example, if you hard at how we procure. We have to begin to invert look at, I think, Germany, in the report somewhere we the assumptions about who will make the decisions say their average is 40 weeks, so almost half the time on what is procured. At the heart of this, of course, is that it takes to get to the requirement stage in a real problem about the technical competence of the Germany than it does in the UK. That suggests that people making the decisions. we are interpreting things in a particular way rather than necessarily that the law itself is flawed. Q108 Chair: I understand that; we are going to come to that later. But on the question of particularly the Q112 Chair: As usual. And is it just a question of Public Procurement Directive, upon which so much of interpretation? our own regulation is based, is that directive actually Sir Ian Magee: Maybe—we will see. I think the way a problem? that we will see is whether or not some of these more Professor Shadbolt: I think the onerous requirements rapid application developments are allowed to go it puts on companies to be able to compete is really a ahead in Government and whether Government self-selecting audience. embraces this way forward.
Q109 Chair: So it is a problem? Q113 Chair: Before we leave this point, because I Professor Shadbolt: Yes. think it is very important, could I ask you to produce—or maybe both of you to produce—a note Q110 Charlie Elphicke: Let me just press on this. on this question of the legal framework? Are there Can I ask Sir Ian to come in, Mr Chairman? particular changes that should be made? Are there Chair: Yes. particular interpretations that need to be adjusted, Charlie Elphicke: We heard earlier from our previous because that is the sort of thing we would like to witnesses that there are much more competitive open include in our Report. markets in the rest of the European Union and in the Sir Ian Magee: We can certainly try and do that. United States. Sir Ian, do you think lessons can be learnt from the past? Can we move into wider Q114 Robert Halfon: Going back to what you said competition, not just the same old group of mates and about Wikipedia and Open Source, one of the reasons IT fat cats that Government lets contracts to, and does that the Government says, or departments say, you the Government have the skills to make use of Open have to have the big, as he calls it, IT fat cats is Source, or are we just going to have more disasters? because of security. Do you think they just hide Sir Ian Magee: There are two questions there, as you behind the security issue in order to keep things as will recognise. On the first one, that is why we have they are, and that is the excuse why they do not go recommended an agile approach, because an agile for Open Source? approach, by definition, allows for smaller Professor Shadbolt: I think it profoundly procurements than has naturally been the case in misunderstands the power of Open Source Government before. You do not specify your development. These are some of the most secure requirements up front and then wait until you have software systems in existence. gone through the procurement process, got somebody to develop the thing for you, technology has moved Q115 Robert Halfon: In essence, what is ranged on, etc. You are able to do things very rapidly, and against the Open Source idea is the power of these cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 16 Public Administration Committee: Evidence
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee huge IT companies, so it is very difficult for the Open of big IT providers. I do think that Government has Source concept to— got enormous potential to shape markets because of Professor Shadbolt: It is interesting; of course, many its buying power, and if it chooses to go down a route of these large companies run significant amounts of that is more designed towards Open Source then their IT operation on Open Source systems, so they commercial companies will find a way of responding entirely understand the benefits and merits, and they to that. You could argue that the IT companies have also understand where they want to keep their own IP had no incentive to go down any different route from locked down and secure and available. the way that they have always behaved in the past, because it is a good business model for them, it is the Q116 Chair: Open Source is not the best way of business model that suited Government, there is too adding value to a contract, is it? Get all this free much gold plating, as we say in the report. software? Charlie Elphicke: And a revolving door. Professor Shadbolt: It has certainly done Google no Chair: Now, we have jumped around our own harm: they have substantial amounts of Open Source agenda, and I think Mr Hopkins feels his points have software in their— been covered.
Q117 Chair: If you want to sell yourselves to the Q120 Kelvin Hopkins: There is one question I Government, you want to say, “No, the Open Source would like to ask as a theme: benefits systems clearly is not good enough for you. We have got to write you are reform systems that require very good IT, and yet a new programme.” British Governments have insisted, the last Professor Shadbolt: I think this is what is very Government insisted, that we have at least three interesting about how we are going to go about Government departments and some agencies to procuring what we think we need, and of course how deliver means-tested benefits in separate places. I we are going to try and do that with an agile method, know there is now a plan to bring it all together in where you revisit the assumptions very frequently one sense, but shouldn’t the IT experts suggest to about what you think you are trying to build. The real Government sometimes that some of the things they thing that, again, we have experienced in looking at are doing are going to cause immense complication some of the Government systems where we want to for ordinary people, and if they did it in one place, get the data—the information that is locked into one department—like most other governments would content management systems, for example—is where do—all benefits delivered by one government we have been reduced to scraping sites, because the department through one office, so people can go and actual content management system would not make it see one computing system providing all their benefits easy to get the data in the content system out. and means testing for them in one place. Haven’t Governments made—for political window-dressing Q118 Robert Halfon: Do you think you need to reasons—life much more complicated for IT? change procurement legislation in order to ensure that Sir Ian Magee: I do not think it is necessarily for that Open Source gets a proper, genuine look in? reason. I think we are in many ways a prisoner of our Professor Shadbolt: I think so, and I think we also past here. The first generation systems were built in need to change procurement so that when we procure silo fashion. Interoperability was not necessarily the we do not forget to say, “And the data in the system first thing that came to mind when they were being will be just available. You will just provide it against built. They are generally speaking still reliable and some common standards.” Perhaps we will talk about still lie at the back of a lot of the processing that is this later, but I think the actual data standards, this done in the Department for Work and Pensions. One whole piece around how we organise the interface— thing that would have cost me my job in the mid- which may sound dull and technical—the way that we 1990s would have been if pensioners or other social can get our systems to interact and not remain as silos security beneficiaries did not get their benefit on time, is crucial. and rightly so too. So there is some reliability that has Chair: Your initial comment was yes, we do need to got to be factored into this somewhere. change the regulatory framework, and that is in effect That said, it is enormously frustrating for the citizen, what we would like your note to concentrate on, but as you will know and your constituents will no doubt we take on board your other points. have told you, to have to contact different Government departments and feed data into different Q119 Charlie Elphicke: If I was an IT fat cat I systems, and that certainly is a problem that needs to would want to make my system as uncommunicative be addressed. with every other system as possible, so you would Professor Shadbolt: Yes, and certainly that is the case have to rely on me, which is exactly what has with some of the big transaction-based systems. I happened. How can the Government ensure that we think there is a huge opportunity though there for have Open Standards so we can have open Government to look at a different way of how it communication between all systems, and how can we engages. This was touched on in the previous session: make that successful and effective? people talk about trying to get to Government 2.0— Sir Ian Magee: Two points: in our System Error can the citizen interact more directly? Certainly one report we are painting a picture of the future. We do view is that the Government should just get out of the not think it will be possible to get the future in one way of a lot of these applications. It should simply step, and indeed our recommendations recognise that. provide the information and allow the market and I do not myself go for the conspiracy fat cats theory external developers to innovate. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 17
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee
Q121 Chair: Can you just give an example of what FTSE 100 company would understand more than you mean by that, because it is quite difficult to intellectually the power of IT for his or her understand. organisation, so that should happen in Government as Professor Shadbolt: One example brings together the well, and I am not sure that we have yet necessarily whole idea of standards, but also innovation. Recently got there. local authorities have been asked to produce all of their spending above £500 in value. Now, to achieve Q124 Chair: Thank you. But you are both agreed that end, the Local Public Data Panel, which I chair, with the previous witnesses that the platform element issued guidance about what it meant to publish this needs to be centralised, and controlled? material at all, so simple information about what was Professor Shadbolt: To speak to the earlier point required and how that would then make it very around whether the large suppliers never have it in straightforward for the information to be aggregated. their interest to think about using Open Standards, I We now see companies, but also various community think actually they are increasingly seeing—and some efforts, taking all of that information and building have a tradition of doing this—we need to think about procurement analysis tools, looking at whether one really enforcing that, so to say when we build these authority is purchasing and acquiring as efficiently, systems you will build them using Open Standards, you might argue, as services somewhere else. So you because that will simply alleviate a lot of the problems can put a whole level of additional service on top of that you get after the fact the system is commissioned the data to enrich it, and I think public spending, of and you find it cannot talk to anything else in the course, will be a particularly interesting area. world except itself. Chair: Moving on to the post-bureaucratic age and Q122 Chair: Shouldn’t we require PFI contractors to the implications for IT. do the same thing? Professor Shadbolt: That is actually a very salient Q125 Paul Flynn: We are told we are in year zero of point. One of the things that we need to look at as we the post-bureaucratic age, and if you were introducing outsource more and more of these capabilities is “do the Child Support Agency now rather than 1993, how not outsource the data with it”, because generally that would it be better now we are living in this age of is what the public has paid for. enlightenment? Chair: Right, Mr Heyes: governance arrangements. Sir Ian Magee: I certainly would not start from 1993. I might start from some of the lessons learnt there, Q123 David Heyes: I think, Chair, we have got the which are, as I said before, not to try and change every panel’s view on the adequacy of governance element of something at the same time. If you assume, arrangements, but I particularly wanted to ask Sir Ian behind your question, that there is a sort of platform about the role of the Cabinet Office in this, approach that we are advocating in our report, then particularly as this is an ongoing responsibility of that gives you a better starting point. You might or yours, I think. The Cabinet Office are able to might not end up, as the Chairman was suggesting, recommend, but they are not the controlling hand that with a spreadsheet solution, or you might end up with it sometimes seems might be necessary in terms of something a bit more complex than that, but you build governance. the systems by making sure that there is constant Sir Ian Magee: I think they have rather more ability iteration between not just the users within whatever to do so right now because of the financial imperatives the agency is that is applying the policy and the on them than maybe they have done sometimes in policymakers but also with the people that are going the past. It was interesting listening to your previous to be affected by the changes that you are trying to witnesses talk about the CCTA and the way in which introduce. things have moved from a lot of control at the centre There is a problem here for Government, incidentally, to not very much control at the centre. a problem with accountability for Government, In our report we say several things about governance. because you have to be prepared to fail, and if you The first one is that we do think that it is necessary to take an agile approach, that means writing off have a strong and independent CIO; that as far as the something that is not successful. That is not easy to platform element of what we are recommending is do, as we all well know, in a public environment. But concerned, there should be a comply or explain it has to be done if this is going to succeed. approach taken to Government departments. If they do want to go off on a different route they ought to Q126 Paul Flynn: How big a factor is it that the be prepared explain why. That, to your question, does people that run the job of implementing policy have a imply a very strong role for the Cabinet Office. We vested interest in continuing the status quo? They are do not necessarily believe, and we say this in the not likely to self-execute their own careers—their own report as well, that therefore means the one person at paper pushing that they have been doing for probably the centre ought to be calling all of the shots. They all their careers. should build on where the expertise is out in Sir Ian Magee: There might be something in that, but departments and do things collaboratively across my experience of the leaders in the Government IT Government. community is that they are a long way removed from I think governance requires one more thing as well, that. They are frustrated as anybody else: they want which is not just to leave it to the IT community: there to find a better way. They do not want to have a policy is a leadership issue here for permanent secretaries change suddenly announced in Parliament or and for people in departments. Just as a CEO of a elsewhere without them having had the opportunity to cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 18 Public Administration Committee: Evidence
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee work through what the implications of that policy are started from there; trying to say that an IT solution with Ministers for the technology and to be able to was the right way to cure the ills of the way that that offer their advice. agency was set up in the first instance was not the right way to start, as it is not, indeed, for any business Q127 Paul Flynn: The promise of the problem. You look at the business and then you apply post-bureaucratic age, as described by Oliver Letwin, the technology to the business. You do not do it the is that it is an age where people expect to have a wide other way round. range of choices available and have those choices met. Is this a post-bureaucratic age, or is it utopia? Q131 Paul Flynn: Do you see anything in this Professor Shadbolt: A wide variety of choices; I concept of a post-bureaucratic age that is going to think— ensure that IT works more efficiently in the future? Paul Flynn: They expect them to be met, for Sir Ian Magee: In the Institute for Government’s everybody. report we have suggested a way forward that we think Professor Shadbolt: I think variety works. What we will be much better for the users of IT, for the people have seen with the web— who are served by IT, for the taxpayer, and not least for the technologists themselves. I think if those sorts Q128 Paul Flynn: If everyone uses their computers of recommendations are adopted we have a better and they all apply for the same popular school in a chance of making things work than we have had city, how can their choice be met by the wonders of hitherto. the post-bureaucratic age? Professor Shadbolt: I think it can be very hard to Professor Shadbolt: I think that is probably beyond retro-fit an IT solution to a process that is the scope of the IT systems themselves. As I fundamentally broken. Some of the problems in many understand this, one of the things we have to let go of of the large transaction systems in Government is that in terms of our view of what Government should and the back office requirement is very onerous. Frequent should not do is that they are custodians of everything: re-presentation of a individual for benefit, to to the applications, to the type of options on offer, physically prove themselves there time after time after even to the data. A very good example, a transport time, one suspects is part of what the problem is with example, was where all the bus stops are. There are some of these systems and not trying to build a very 360,000 bus stops in the UK, and we finally got the extravagant IT system to sit on top of what is a broken Government to publish that data freely. We discovered process. So one of the challenges is I think for us to that 18,000 of them are not where they thought they look at those kinds of processes of Government from were. But now, we are finding out where they are the point of view of whether they make sense as a because people are participating in a process of process. improving the actual underlying data the Government Sir Ian Magee: May I add one thing, which is to holds. Now, that seems to me a great example where your question. It is inevitable and it is right that public you can recruit the energies of individuals to actually servants and Government Ministers should be held to improve for the greater good. I think it is going to account for the many things that have gone wrong, apply in applications. Of course, when you are really but there is precious little focus on the many things successful you then have a problem because that have gone right in Government as well, and the everybody is piling in to make informed decisions. National Audit Office produced a report in 2006 that Then you have to meet those expectations politically. identified the number of those too. There are unsung, they do not get publicity: people continue to get their Q129 Paul Flynn: I have a number of nostrums for benefits on a day-by-day basis; people continue to new staff. One of them is that a Child Support Agency take advantage of other developments in IT. That is case is for life, not just for Christmas. Looking back all to the good, so this is not a one-way street. Equally, at your contribution to that, Sir Ian, what would you there are much better ways of doing things for the change now, and what are the lessons learnt? I think future, and we have suggested some of what they most MPs would say it was the most painful piece of might be. legislation, as far as the results on our constituents Professor Shadbolt: And we should not get too and on our staff and us, in my 24 years in Parliament starry-eyed thinking that the private companies know at least. how to procure their IT any better than parts of Sir Ian Magee: It would be in some senses wrong for Government. In fact you find bad examples of that too me to apply 20:20 hindsight from 19 years ago to an in the private space. agency that I was never responsible for. Q132 Paul Flynn: I think we can all rejoice in the Q130 Paul Flynn: But your career has prospered 22 million who get their car discs online now, which since then. You talked about some things you would saves an enormous amount of time and goes very have done that would have ended your career. You swiftly. Can I just finish? I have been allocated the have been knighted. Were you knighted for your task of seeking out the truth on the role— services to the Child Support Agency? Chair: You chose it. Sir Ian Magee: No, as I said, I did not work in the Paul Flynn:—of the post-bureaucratic age. Does it Child Support Agency. I did try to provide something exist? Is it a myth? A slogan? A nothing? A figment that would work for the staff in the Child Support in the imagination of Mao Tse-Letwin? Agency so that they could serve their people. That Chair: You may decide that that is not the subject of was not adequate for the purpose. I would not have our inquiry. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Public Administration Committee: Evidence Ev 19
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee
Sir Ian Magee: You would have to ask the Minister. Sir Ian Magee: We have dwelt on one case, but too Professor Shadbolt: There has to be an opportunity often it is a bolt-on at the end, and IT being seen in to think about how we engage the machinery of Government as a problem rather than an opportunity. Government with the citizen. I think our technology I absolutely endorse what Nigel Shadbolt said about gives us a new way of doing that. the private sector not having every answer, but private sector companies would, generally speaking, see IT as Q133 Kelvin Hopkins: I have a bee in my bonnet an opportunity. If I could caricature this, it is much about particularly the tax credits system operated by more likely that a permanent secretary will get HMRC, which I think is absolutely daft and should involved in this with a rolling of the eyes and a have been merged with benefits, administered within thought of being scourged by the Public Accounts DWP. Is it not possible even now for you as IT experts Committee than necessarily thinking what is going to to suggest to Government that in future they should be good for his or her enterprise in moving it forward, take account of the complication they can impose by and I think that is something that has to change, if that having policy whims? It would be much more sensible gets to your question. to do things in one department, rather than spreading Professor Shadbolt: As one of the interviewees for something across several departments, because to the reports, I would endorse many of those findings. I them it is politically appealing? think the observation there is that, again, it is about Sir Ian Magee: That is a whole different story. I am competence and expertise; it is about having a sense not tempted to go down that route, other than to say that there is an opportunity. The other challenge is the that it did not surprise me as somebody who had rates of change: to suddenly realise that you are going worked for a long number of years in the benefit to have to organise an entirely new way of system that people—and this has been well recorded communicating with yourself as a department and the elsewhere—who are not used to dealing with changes outside because a new social medium has come along of circumstance on a weekly basis, i.e. tax officers, in the space of a year and a half—Twitter—and people should have found it difficult to cope with that aspect would mock it at first and then realise they cannot of things, whereas people working in social security afford not to be there. But how do we engineer offices are much more used to dealing with changes ourselves to see these opportunities, to actually of circumstance on a frequent basis. anticipate them rather than always feeling that we are Kelvin Hopkins: Exactly the point I made in the catching up or, indeed, that this is a terrible added debate last week. burden? Professor Shadbolt: I do not think the perfect should be the enemy of the good in any of these solutions Q136 Greg Mulholland: It strikes me that there is either. What we notice is that a degree of something potentially contradictory in some of the decentralisation is just a state of nature and can evidence that we have received, because on the one actually make systems very robust, but occasionally hand, certainly some Government IT failures appear you need to work out where the join points are— to be because the Government has focused too much where the common standards are that will make the on the IT as a standalone area of policy almost, and rest of the information flow and the applications flow, certainly focused on the procuring of those new and they are in some very simple areas. They are in systems and new technology but not following clear areas like standard supplier identifiers for Government policy procedures. And yet other people, such as suppliers, the kind of stuff that we could engineer Sirius, have argued that IT is often too much an really very straightforwardly, some of this stuff locked afterthought and considered only when you have done up already in places like Companies House. that. But you cannot have it both ways. Surely if it is integrated then it has to be thought of as part of the Q134 Chair: You sound quite frustrated that this is whole process. But going back to my questions in the not as obvious to the bits of Government. original session, because we are talking essentially in Professor Shadbolt: I think it is becoming so. I think all cases about policy, does it not rely particularly on one of the opportunities in thinking about the having clear policy that IT then is supposed to deliver, information, the applications that Government holds and where the policy is perhaps wrong or changing as an information fabric is that they are noticing that that can lead to the impossible situation for IT to there are some obvious points where the systems just deliver that? do not join up. The Ministry of Justice Libra System Sir Ian Magee: The short answer to your question is and the various other parts of legal software simply yes: the clearer the policy the more likely it is that have no way of actually being integrated. you will get some sort of workable solution, whether it is IT related or not. I think the interesting point that Q135 Greg Mulholland: Can I take you back to a perhaps underlies your question is just how difficult very basic question? We have gone off and talked Government IT is: we start with a quote from the about some of the rather interesting aspects of this Government’s Chief Operating Officer that says that whole question, but going back to one of the IT in Government is as difficult as it gets. Why is that fundamentals—and I touched on this in the first complicated? It is for all the reasons that you will no session—how well integrated do you think IT doubt face with all your constituents every day, every considerations are in the wider policy development week of the year: that there is this difficulty about process? This is particularly for you, Sir Ian, but for them having to interact with lots of different both of you. Government departments, sometimes at the same cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG01 Source: /MILES/PKU/INPUT/010970/010970_o001_michelle_PASC corrected transcript 8 March HC 715i.xml
Ev 20 Public Administration Committee: Evidence
8 March 2011 Professor Nigel Shadbolt and Sir Ian Magee time, in order to get where they need to get as “very few information technology failures, but plenty individuals. of examples where a public-sector business change project, using IT, has been mismanaged.” So the first Q137 Chair: Sir Ian, in your opinion is it that IT thing is would you agree with that, but if you do agree drives the policymaking process, or is it rather like, as with that then who do you think has been guilty of I mentioned earlier, Prime Minister Blair deciding he the mismanagement that we have seen? Is it Ministers, wanted a choose and book system for the NHS and is it civil servants, is it IT companies delivering one- thought about IATA ticketing system as he did it? Or size-fits-all solutions, etc? How do we try to stop that is it that IT comes in as an afterthought when the mismanagement, to get to the stage where IT is policy has been thought up in isolation of IT actually delivering policy objectives for Government? possibilities and constraints. Which is it? Clearly that is what all of us want. Sir Ian Magee: I think it could be both of those in Sir Ian Magee: I am happy to have a go at this first. different circumstances. Trying to think of examples: I agree with the premise; I do not think it is the you have talked a bit about the ID Cards, and I am underpinning technology that has generally failed. As not terribly familiar other than what I read in the to the solution—and you would expect me to say this, papers with what happened around ID Cards: that did wouldn’t you—adopt our recommendations and you sound technology orientated. You have talked also have a much better chance of making progress in the about the Child Support Agency; that was bolted on at future. the other end. What I would say is that, if Government Chair: Platform agile. chooses to adopt the recommendations in our report, Professor Shadbolt: I would endorse that. that goes to Mr Mulholland’s question and starts to tackle those platform issues so that there is a way of Q140 Chair: Just as a last question: Professor doing things around here that is common, so that there Shadbolt, you said that you started your open data is more interoperability introduced, and you have got project in your local area with agile methods. Are they a much better chance of avoiding some of these sticking to that? Does that hold good, and is that situations than you have had in the past. driving the change that is needed? Professor Shadbolt: Well, it still says “beta” on the Q138 Chair: But in terms of process, this is not site, so it is still a site under development. I think that about balancing the pressures between the two, is it? is an interesting aspect of this, and essentially with the It is about sequencing the decision making in the agile method, in some aspects the job is not finished. correct order. You are looking to constantly improve and it is built Sir Ian Magee: Absolutely, and that is why I think out from that. things need to happen fairly quickly in that respect: There will be an interesting challenge as we look to— get on with the platform quickly, start to try a few if indeed we are able to launch agile efforts within things out in the agile environment quickly too. Government—work out how they become sustainable, Professor Shadbolt: I was going to say, what we are and what going mainstream means, and do they have seeing of course—and Professor Margetts touched on to be consolidated into larger IT functions, and this—is that with the information systems we now without losing the essence of remaining creative and have, the issue of what is prior—policy or the reactive and adaptive. I think that the evidence is system—is really very blurred indeed. So if we take people can be developed and can be organised to the example of crime maps, which were launched deliver these kinds of benefits, that existing IT teams recently with huge public interest, the issue there was need to be given the permission—and often they are; that if you are going to provide a level of detail to one of the remarkable things we discover is the everyone in the country to the level of their street, willingness of people within Government departments whatever one’s view on that is, then you absolutely to want to be allowed to operate in this kind of way. can only do that with a particular type of system, and Chair: Thank you very much to you both, and another in fact the opportunity to even make that policy is very useful session. I am most grateful for your help partly a function of having the technology. So I think and we look forward to your further memoranda on that is where we have, in some cases, not this policy the legal questions about procurement. Are there no here and then the IT, but the two are co-evolving. other questions from my colleagues? My thanks to them. Q139 Greg Mulholland: Final question from me. A quote from ThinkGov, who have argued that there are cobber Pack: U PL: COE1 [SO] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 21
Tuesday 15 March 2011
Members present: Mr Bernard Jenkin (Chair)
Paul Flynn Robert Halfon David Heyes Greg Mulholland ______
Examination of Witnesses
Witnesses: Martin Rice, Chief Executive Officer, Erudine, David Clarke MBE, Chief Executive Officer, British Computer Society, Janet Grossman, Chair, Intellect Public Sector Council, and Sureyya Cansoy, Director of Public Sector, Intellect, gave evidence.
Q141 Chair: May I welcome you all to this evidence technologies and agile service delivery. I am also session on the use of IT in government? May I just co-founder of an organisation called UK Innovation alert you to the fact that we have a very busy morning Initiative and a former vice-chair of the Intellect in the House of Commons this morning? Several SME group. members of the Committee unfortunately have other Chair: Well thank you all very much for joining us, duties in the House, specific debates allocated to their it is very much appreciated. Mr Halfon, who has to name, duties on other Committees and so on, but don’t leave very shortly, is going to ask the first question. let the thinness of attendance lull you into a false sense of security. I notice the cameras are not here, so Q145 Robert Halfon: Thank you, I do apologise, I do speak freely although you are on the record. To have a debate on something in my constituency start with, will each of you identify yourselves for downstairs. Why do you think that such a small the record? number of companies are awarded the majority of Sureyya Cansoy: Sureyya Cansoy from Intellect, the Government IT contracts? trade association for the technology industry in the Sureyya Cansoy: Shall I attempt to respond to that? UK, representing 780 technology companies. First, we need to recognise that it is very difficult for Janet Grossman: I am Janet Grossman, and I am the smaller companies, and indeed new entrants to the chair of the Intellect Public Sector Council. In my day public sector market, to win business in the public job, I work for a company called CSC and I should sector market. We are very encouraged to see that this also tell you that I am a former civil servant. Government are taking the SME agenda very David Clarke: David Clarke, Chief Executive of BCS seriously. We saw some important announcements which is the Chartered Institute for IT, equivalent to made by Francis Maude at the Treasury just last the Institute of Chartered Accountants, for example. month, attempting to open up the market to smaller companies, social enterprises, charities etc. As a trade Q142 Chair: The British Computer Society? association, 60% of the companies that we represent David Clarke: The British Computer Society, are actually SMEs—small and medium-sized although we actually use Chartered Institute for IT enterprises—so we are very much encouraged by that. rather than the full words of BCS these days. We are Having said that, yes, there is an issue and there are an impartial organisation, which is totally independent practical things that could be done to address it. The and self-funding. We have 70,000 members, who most important thing is to look at how procurement include world-class members on pretty much any currently works. The current procurement process in subject in IT. I think you will find that most of the the UK Government space does not help smaller well-known people in IT around the world are fellows companies or new entrants coming into the market. of the BCS. What we do is offer good, professional By improving the way procurement works, we can advice, impartially with really no representational open up the market to not only smaller companies but links at all. We are the professional body for the IT all sorts of other organisations in this space. So yes, profession. there is an issue—we recognise that—and the measures that the Government have taken so far are Q143 Chair: What rather confirms all of one’s worst very encouraging in terms of addressing those, and we prejudices about the IT industry is that your name are really looking forward to being able to work on belies what you actually do. some of the details of those new Government David Clarke: I don’t want to go into that too much initiatives. but when BCS got a Royal Charter in 1984, it was in the name of BCS and we would have to go through Q146 Robert Halfon: But do you think some of changing the Royal Charter to actually change the these big IT fat cats have too close a relationship with name of the chartered institute, so it is a bit of a the civil servants and, because it has gone on for so project for us there. long, it is part of the de facto system? Sureyya Cansoy: The key to a successful project or Q144 Chair: Again, I will refrain from drawing programme is a real partnership between a customer attention to the parallels. Mr Rice? and a supplier. In a sense, you would want a strong Martin Rice: Martin Rice, CEO of a software partnership-based relationship between a customer company called Erudine that specialises in agile and a supplier, albeit not a cosy one, and perhaps we cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 22 Public Administration Committee: Evidence
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy need to accept that. There is some comfort zone issue So the whole process actually works in favour of the in that procurement customers at times might prefer existing suppliers, which is the fundamental problem. companies that they know well and that they have an Martin Rice: I am always interested in root cause experience of working with. I will pass on to my other analysis rather than how we deal with a symptom of colleagues to add to that. what is going on, and my understanding is that in Chair: May I just interrupt for a second? I forgot I 1918, the Haldane report for the Ministry of wanted to place on record a potential conflict of Reconstruction made the decision to structure in interest. The Chairman of Fujitsu Europe has been a vertical silos for each Department, which has carried family friend for a great many years and our two on. Now we have Departments who produce what the families know each other extremely well. I just Department needs, so we don’t get reuse. If we think wanted to put that on the record. Carry on. in terms of verticals, you will always buy IT in the Janet Grossman: I have been on both sides of the big, but you are reinventing the wheel all the time. So equation as a procurer in Government of very something being developed in that Department is important IT systems that deliver citizen outcomes for being done there, and the problem has been solved. the poorest in society, including pensioners, and I am If you start dividing it horizontally, which is what is now with a supplier. I will tell you that, as a small and happening in the cloud in the rest of industry, you can medium player with innovation, the cost of entering start procuring the services in much more subset parts a procurement cycle can be life threatening. As the and you can assemble services so that you procure IT in the small. I also feel that because of the vertical Government contracts tend to be very, very alignment of buying IT in the big, it has created an well-prescribed, very detailed, long and very big, if oligarchy, which is a very dangerous situation. It is you are a small innovator and you want to do much worse than just a cosy relationship, and what something radical or even a bit different, it can be needs to happen now is that the oligarchy has to be very hard for you. As a taxpayer, as someone who destroyed. You don’t deal with an oligarchy through wants to deliver citizen services and all those good talking; you change the environment and you destroy things, what we need to do is broaden the ecosystem the oligarchy. however we can. That means that we help make it easier for them to enter the cycle, that we encourage Q147 Chair: So which is the oligarchy—the the big guys to partner and change with them and that industry, the Government or both? we look at the very, very best in the world to bring to Martin Rice: No; with the suppliers who have the the UK. It is radically shifting but not fast enough and majority of the work, it’s the tail wagging the dog we all stand for a lot of change in that area. In terms now. It is not the companies that are at fault; the of the cosiness, when you have very long-term Government procure badly—they procure in the big, contracts you can become too familiar, that is a fact. and they allow these contracts to be let. There has to However the fact that the economy is suffering and be a move to what the rest of industry is doing, which people are having to get out of their comfort zones, is is buying horizontal services, such as ata centre helping people to look at each other in the mirror and, services, and people use them. on both sides of the aisle, challenge each other to get better value out of these contracts so I think we are at Q148 Robert Halfon: Is there an artificial cartel with a quite important tipping point. the big companies crowding out the smaller ones? David Clarke: When you work with people over a Martin Rice: It is dangerous for me to say yes, but I long period of time, clearly then relationships form. understand what you mean and it is close to that. There is some evidence of that, but I agree with my colleagues here that the root cause is the procurement Q149 Chair: You can’t be sued in here. programme, because it is very expensive to bid for Martin Rice: Then I believe it is. large projects. The bigger the project, the more expensive it is to bid, and because of the sheer scale Q150 Chair: You believe that it is a cartel. of a lot of the Government contracts, that excludes all Martin Rice: Yes. I believe that everybody knows but the very largest companies from actually being they will win a proportion of the work, and they are able to afford to bid. The UK rigorously follows the careful what they bid for. EC procurement directives—more rigorously that anyone else in Europe—and its aim is to be more Q151 Chair: Do you think they talk to each other transparent and to have more competition, but the unofficially? effect is that the procurement processes are much Martin Rice: Unofficially, yes. longer, which makes it more expensive and less people want to bid. There is a fundamental issue about Q152 Chair: And does that mean they actually the procurement process that needs to be fixed first decide, “You go for that contract and we’ll go for and, if that isn’t fixed, nothing else will be fixed. That this one”? makes it very difficult for smaller companies and even Martin Rice: I don’t know if it is as much as that but some very large companies who look at whether it is I know that if they win one, they will bid for other worth spending that money to bid—it is only worth it ones knowing that they will lose some and they will if they win. If they are new into this area for the first not put as much effort into the bid. time, it costs them more than someone who is doing repeat business—they will know how it works—so it Q153 Chair: Well it is very refreshing to have such is a lower cost to the people who are already in place. frankness and, if I may, on behalf of the taxpayer and cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 23
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy the public, there is a very strong suspicion that this is companies in our membership so we are able to see the case and when you say, Mr Clarke, that the system different sides of the argument as well. I attended the militates in favour of the large companies, that is Institute for Government event a couple of weeks ago basically what you are saying, isn’t it? where they launched their latest report on Government David Clarke: I have no evidence to say to you ICT and, as you may know, Ian Watmore, the whether there is a cartel or not, I am afraid. I cannot Government’s chief operating officer, was the keynote tell you but the system certainly militates in favour speaker. He made a comment about ID cards which I of that. found really striking. He said that we always talk about the Government ICT failing but what we don’t Q154 Chair: To an outsider, frankly it looks like a really consider is that often ICT is there to implement racket, because the taxpayer is losing billions—we are a Government policy and a Government business spending billions of pounds on systems that don’t change programme. He was referring to the policy work properly—and the sector is as profitable as ever. decision to introduce ID cards and the policy decision We are going to come on to the shortage of skills later to cancel IT cards, and the technology elements were on, but why is the industry so adept at exploiting the independent from that process. There is something to lack of skills in government and making money out think about there—it is not only technology. We need of it. That is what you are doing isn’t it? Intellect. to think about the wider policy and why that has an Janet Grossman: I will take that one. It was by impact on how the Government do technology. design, if I may say so. Q162 Chair: I think we all accept that policy churn Q155 Chair: By whom? has an effect on the cost of IT. But the ID cards project Janet Grossman: In the ’90s when the big was way off target before it was cancelled, wasn’t it? outsourcing contracts were let, the business case relied Sureyya Cansoy: I don’t know the details of the on transfer of intelligence and knowledge into the project. supplier community and it went too far. Government did not retain enough balance on that side and through Q163 Chair: And there are plenty of projects, like successive Governments and budget pressures etc it the Rural Payments Agency and the Child Support has not been improved. Agency, for example. Janet Grossman: As a taxpayer it is a bugbear of Q156 Chair: So it’s the Government’s fault that you mine as well; RPA started with a policy that could not make profit out of failed systems. be implemented. Should the ICT industry have raised Janet Grossman: Oh absolutely not, no, absolutely its hands sooner? Absolutely, and the Child Support not. We take full responsibility where we have failed, Agency is a similar thing. We both have to sit down make no mistake about that. and look at the outcome to the citizen or the taxpayer first, craft policy and delivery mechanisms that are Q157 Chair: So you lose money. deliverable and then put the IT around it, not the other Janet Grossman: Sometimes we do, sometimes we way around. don’t. Q164 Chair: So the industry is becoming aware that Q158 Chair: Take the identity card system: who the perception that you are exploiting the dumb were the main contractors on the identity card system? customer is not acceptable any more. Janet Grossman: My company was one of them. Janet Grossman: It is not acceptable to us either.
Q159 Chair: Which is? Q165 Chair: And is that going to stop? How are you Janet Grossman: CSC, but I was not involved in it— going to stop it? it was before my time so I will be limited in what I Martin Rice: Identity is a really interesting one. I can tell you. agree with you; I think the IT industry should publically apologise to the citizen for the rip-offs of Q160 Chair: Okay. Do you think your company lost the last 10 or 20 years. The Martin Read report in money on that contract? 2009 said something like: the UK is being charged Janet Grossman: I don’t honestly know. 23% more than our peer nations for no discernable benefit so we are ripping you off as an industry. I Q161 Chair: Well they are not going to advertise if feel that very strongly. People only started making any they made money, are they, because it is a bit noise about it after the Government had the strength embarrassing? to propose a moratorium that scared the willies out of Janet Grossman: I will tell you that it is in the public the industry, and it was a good thing. Identity is a very domain. You mentioned your counterpart at Fujitsu. interesting one; you can go to IT companies and say, Fujitsu lost money out of a contract and exited. I am “Can you do identity?”—and this is where sure all the big boys have done it at some point or Government is not a good customer—if you ask for another, and they have also made money on contracts, something, industry will happily tell you that they can so it is a mixed bag. charge you a lot of money to deliver it. Facebook Sureyya Cansoy: Perhaps I can add something on the deals with identity for a 12th of the world’s population ID cards. As Janet has said, the industry takes and they did not have anything like the budget the responsibility for the mistakes it has made in the past. Government has to deal with 70 million people. But As a trade association, we have both large and small we are not bringing the learning of these paradigms cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 24 Public Administration Committee: Evidence
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy to bear; we are reinventing the wheel each time and it David Clarke: I am struggling a little bit because, if should not be allowed. As a taxpayer, I am very angry you take the difference between the Government and about this and it should just not be allowed. A lot of the private sector, this would never happen in the these problems have been solved; they are not being private sector. It will not happen in the private sector, brought to the Government because of the oligarchy. because those companies will not let it happen—the It is not in a profitable interest to bring you these customer does not let it happen. There is a paradigms. That is why I feel the oligarchy has to stop fundamental piece here where the Government have and Government has to start looking at how we can to get the skills to stop this happening. I do not learn from these organisations: very clever 24 year old represent the suppliers at all, but they are commercial people, dealing with 500 million people regularly. In organisations and the Government have to be in a another real case which was interesting, The Guardian position to manage that, with the skills to make sure run ‘Hack the Government’1 in which, basically, that doesn’t happen. That is where the fundamental geeks get together and do clever things; four people issue is. That whole skill set was outsourced in the in two days produced the equivalent of a multimillion ’80s and has not been properly replaced, and that, to pound DWP website for Jobcentre Plus. In two days me, is fundamentally what needs to change. they had a globally scalable website that you could Martin Rice: I agree with what you are saying but for use to find out what jobs were in your area. It was a any industry in a supply chain, if it is a professional better experience for the user. They couldn’t keep it supply chain, everybody has a duty of professionalism going because the Post Office wants to charge too not to take advantage of who is below them in the much for the lookup of the postcode. The DWP know supply chain, or take advantage of the customer or the about this but they haven’t adopted it. It cost two days, person above. We all have a duty to educate each other four people, and delivered a better experience but they so I do think that the Government are lacking the would rather carry on going to the same supplier. It skills and that they need to learn more. It is our duty is criminal. as an industry not to take advantage of it while it is vulnerable. What I am seeing at the moment is the Q166 Chair: But the industry has locked the Government making a lot of noise—which is good— Government into these very large supplier contracts. and I don’t mean noise in rhetoric; they want change. You insist on these exclusive arrangements, don’t I am seeing rearguard actions being fought you? everywhere and contracts being extended to get 10% Martin Rice: Stop them. As an intelligent customer, savings. I believe the HMRC has an extension to 2017 just stop placing them. because it reduces costs, which precludes innovation Janet Grossman: It is multidimensional. The into HMRC. We need to stop this, we need to educate contracts are let over a long period of time because of Government and we need to bring in the paradigms. the cost to the Government’s civil servants to procure, evaluate and all that, moreover they get the best value Q169 Chair: So you think the nature of the contracts if the cost and the application is spread over time. that the large companies negotiate with the That is changing dramatically as we go to software as Government are protectionist by nature? a service and things are more spotty and dynamic, so Martin Rice: Yes it is a two-way street. I will be honest with you; yes, David Clarke: Absolutely. we get better return on our investment, as anyone would, over a period of time. It suits the Government Q170 Chair: Well then, why does the industry go on as well because they get to lock in a procurement and insisting on them? don’t have to repeat that cycle over and over again. It Sureyya Cansoy: Can I come into the debate here? is a two way street and we both have to address that. The industry understands, as I said before, some mistakes have been made in the past but it also takes Q167 Chair: Anybody else? two to tango. As industry takes responsibility, Martin Rice: I feel nobody is fully to blame here; Government also need to take responsibility for some generally as an industry we have taken advantage of of the mistakes. However, what we are now seeing is a non-intelligent customer who made a quick saving a real window of opportunity to do things differently. outsourcing everything a decade or two ago. The fact We talked about Government’s initiative launched last that the industry continues to take advantage is wrong. month about making it easier for smaller companies There are paradigms out there that we, as an industry, and other types of organisations like social enterprises should be bringing; the Government should be etc. to do business with government—we will come listening and the Departments will not let those on to areas such as Open Source and agile, as you paradigms in. The cosy relationships exist and it will have suggested. We do need to look at this in a keep those out and I personally believe that they positive manner. Industry is committed to working cannot let one success story get through because it with Government to make this work and the industry will open the floodgates. You only need one or two understands that its success depends on making successes and it will open the floodgates. Government ICT work, and there is also an element in this for us as citizens. I cannot see my life as a Q168 Chair: We are going to get to more specific citizen working without the contribution of questions about Open Source and agile later so we technology. Every service that I use in the private will deal with that then. Mr Clarke? sector is delivered to me by the help of technology. 1 Note by witness: Correction—the hack days were run by The citizen expects the Government to deliver the Rewired State (see Q245). same standard of service to them through the use of cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 25
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy technology. So we really need to start looking at this reasons for projects going wrong, identified 10 years in a positive light rather than thinking about the past ago, is lack of engagement with key stakeholders too much. within the industry before the procurement process starts. So what we have been telling our colleagues in Q171 Chair: Well I do not want to dwell on the past, the Government is, “Talk to the industry collectively; except to say that our customers, our voters, do expect we understand you might not be able to talk to us to ask about this. We are going to be just as beastly individual companies because of competition rules to the Government, I can assure you; as you say it etc. but please talk to the industry and use their takes two to tango. But there has been an inevitability collective knowledge and experience”. At Intellect, about this for the last decade, every time the we have a service called Concept Viability, which we Government embarks on a large IT programme like launched with the support of Peter Gershon, who was the National Health Service patient record system— the first Chief Executive of the Office of Government the Government has cancelled that one too, but it was Commerce. The idea is that for any given project or just doomed to fail wasn’t it? Why didn’t the industry programme in Government, the customer can come to just say, “Government, you have the wrong idea, go the industry and test the viability of their thinking back to the drawing board because different ways of before they put out the contract notice. The industry thinking about this would produce much cheaper has the opportunity to tell the Government department solutions,” instead of going for large mainframe or agency honestly whether the project or programme databases. is designed well, whether it would work, whether the David Clarke: We submitted three reports to the commercial arrangements are the most appropriate Government and NHS saying exactly that over a ones, whether their budgets are realistic etc. And we period of about six years. are urging more Government departments to use services like Concept Viability and to talk to the Q172 Chair: And they were ignored? industry collectively. David Clarke: Totally. Q175 Chair: On the question of SMEs particularly, Q173 Chair: Well I think a note about that would be how can we get more SME involvement? jolly useful to put in front of the Government. I would Martin Rice: I am passionate about SMEs but I don’t be grateful for that. think they have a right to work. It is dangerous to say Martin Rice: I concur with that as well. The that 25% goes to them; they should only get the work Government talked to certain companies and if they offer the best value. John Suffolk started the individuals for advice and there is a wealth of advice G-Cloud strategy a year ago; we put a full-time person out there in the industry where people will tell you, on it for free, gratis, because it was a looking at how “This is the wrong thing.” I am not an advocate of we break it down horizontally and how we combine large companies or SIs, as I am small business, but I the small. As soon as Government starts buying IT in do have to interact with SIs if I am to deal with any the small instead of the big the best person with the sort of large contract. If a systems integrator puts in best value will win because there are much smaller what is called a “non-compliant bid” to Government, contracts for each small subset part. You do not start they are discarded, it is not listened to. So if the buying £100 million, £200 million or £300 million Government asks for something and you do not systems that are never going to work. You start saying, comply with that bid, as an SI, you will not be “I need a computer to process x”, and it will cost considered because if you start saying, “We think it is threepence. Anybody who needs to use that uses it, flawed”, you will not get the work. I have never been and you can work out all these different services. Then in that tendering system because I am so far down the you allow the SMEs an open playing field. supply chain, but these are the apocryphal stories that you hear. There is a wealth of advice given to Q176 Chair: But there is a conceptual conflict here, Government that is not listened to and it really isn’t there? On the one hand you think, ‘Well buying should be. bulk must be cheaper’. Janet Grossman: I have been in the position many, Martin Rice: I didn’t say buy, it should be a many times where they say, “You are missing a trick pay-as-you-go system; the world is going to here, why don’t you do it this way? Banking does it pay-as-you-use. If I get a BlackBerry, I do not pay this way, why don’t you?” and you get the “Oh, oh, £300 to £400 for the physical phone. I get a phone, tender’s out, we can’t talk to you, we can’t listen, we on a contract and I pay an amount of money per phone don’t want to hear it”. So there has to be a way to call. If I use it a lot, I pay for more time and if I have an interaction about what is best before don’t use it, I don’t get charged. I don’t pay for the Government makes up its mind, particularly before infrastructure of the phone network—I could phone the policy is nailed to the wall. Australia—it is a pay-as-you-go. The rest of the world is moving to a pay-as-you-go service and the Q174 Chair: But the industry will be the first to Government isn’t. You shouldn’t be paying the capital litigate if they feel the contracting process has not expenditure, you should be specifying a requirement been adhered to. Isn’t that why the Government are and the industry should be building it at their expense, so defensive? and it should be multiplicity of supply for each Janet Grossman: It’s a cop out to be honest. service. You should be able to bring the competitive Sureyya Cansoy: There is engagement that needs to market into no-locking contracts. There is so little that happen before that situation happens. One of the main Government is doing that couldn’t be delivered that cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 26 Public Administration Committee: Evidence
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy way and if you stop buying large capital expenditure multiplicity of supply if they meet the standards. A projects and say, “This is how we are going to do it”, good example of this was the SAP calculations you you are forcing industry to have to interact that way. were doing for home buybacks. The Government While the DWP and HMRC are happy to spend published a set of constraints that said, “If you build £2 billion at a pop, industry is still going to keep a system that meets these constraints, you can deliver coming—they’re big boys—and taking your money. a SAP service”. So companies built systems, they got You will not move to where the rest of industry is them accredited to say “Yes we will meet those going. You have the ability to do it. You own the constraints”, and you had a multiplicity of supply. cheque book, close it. Government did not have to build the system.
Q177 Chair: What you are basically saying is that Q181 Chair: But how does that apply to NHS the Government’s idea of trying to allocate a records for example? proportion of their traditional spending method to Martin Rice: NHS records: Google have a service small businesses is doomed to fail. called Google Health in America. They have solved Martin Rice: I think it is doomed to fail. I am more the problem. It is a service that you could use. interested in looking at it another way around. You have a little old lady who has to interact because she Q182 Chair: So the Government doesn’t need to is vulnerable; she has a certain amount of benefits she build it at all? gets. Whom does she trust? She trusts her local Post Martin Rice: No; it was pig in a poke and I will be Office. Let them deliver the service; she trusts them careful of the words—is it a cartel? It was a pig in a and she has got a relationship. poke and it was doomed to failure.
Q178 Chair: Are you seriously suggesting each post Q183 Chair: We will come back to Open Source office should be allowed to buy its own IT system? later but, Mr Clarke, you are sort of nodding. Martin Rice: No. The front-end service systems can David Clarke: To some of what Martin says. I have be delivered by companies like mine and others. We always struggled strongly with: what is the public could put in the systems in the same way as you go task? What is the Government role in all of this? My and buy a lottery ticket, because somebody has opinion is that it is to set the strategy, the policy and decided to put in a pay-as-you-go service. All the the standards, and to monitor that those standards are infrastructure is in place, because it is profitable to do being adhered to without necessarily delivering so. The delivery of most front-end Government everything. services can be done through the places that the citizen already has a relationship with. Why can’t Q184 Chair: Well when did a large IT company like Tesco or ASDA run part of the jobcentre? We shop EDS, Fujitsu or PA say that to the Government? there, we get banking services there. If Tesco want to David Clarke: I don’t know; I do not represent those invest and produce a front-end to interact and deal companies. The problem is that the Government could with Mrs Miggins and her interaction with not do that today, because the skills are not there to Government, why shouldn’t they be able to? Tesco do it. It is a real mindset change. don’t want to get involved in a £1 billion procurement, but they want more up-sell to Mrs Miggins. So give Q185 Chair: Yes but the Government are relying on them the opportunity; tell them what you require and your industry to provide those skills. Here is the industry will build it. industry in front of us explaining that you have those skills and that understanding, why don’t you deliver it Q179 Chair: So how does this prevent the creation to the Government? of a profusion of systems and therefore the David Clarke: Because what those companies will do interoperability problems that you are trying to get is they will deliver it; they will want to be the away from? delivery mechanism. Martin Rice: That is bringing it back to an IT stance, and that is not the case. I am a complex tax person Q186 Chair: So self-interest takes over inevitably? because I run a business. You trust a trusted party David Clarke: Inevitably. called a chartered accountant to make sure that what I submit to Government in my tax is correct. We trust Q187 Chair: Intellect? certain people. So you bring in Open Standards. You Janet Grossman: I want to talk about— say, “To deliver that service, it has to meet x”.You audit what they are doing and if it meets that standard, Q188 Chair: Bringing SMEs and smaller businesses the citizen can go to them. You can bring it in in? through standards. Janet Grossman: Let me give you an example. In DWP there is something called, “Tell us once”. If you Q180 Chair: But we are not talking about the citizen, are unfortunate enough to have a loved one die in this we are talking about Tesco here and Tesco doing the country, you have to notify dozens of people at your job search and being the DWP job agency. Are they time of grief; the local authority, central Government, the customer in that sentence? the Coroner, everyone and their dog—you name it. Martin Rice: No the citizen is the customer. Because Exactly as Martin was saying, DWP has partnered you have defined what you need, if Tesco or ASDA with a local point of contact, voluntary sector or whoever chooses to build one, anybody can have organisations and everybody else, to make it as simple cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 27
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy as possible for those people in their time of need. So procurement process trying to answer some of those there are green shoots out there where this is questions. That is one problem—one of the biggest happening all the time, and they are using us as a problems that exist around procurement in the UK. means to deliver that service. There are pockets of What really frustrates me is that working together, the greatness, but what is missing for me is having an technology industry and Government have come up incubation cell where we can explore these things on with some really neat ideas and tools to try and a reasonable scale and then take them out from there. address some of the causes of complexity in It is not a choice of big or small, it is a choice of an procurement but we are not really seeing those tools incubation centre so that we can try things out and see being implemented. You need to ask the question why what works and, if we go to Google for health, who we are not seeing people in Government departments is to say that that won’t melt down in our country just and agencies using these tools and the answer can be because it worked somewhere else? complicated as well. Martin Rice: At least it was delivered and it might Janet Grossman: Just to give you a flavour for it— work. the most basic thing on Earth—you can get a Janet Grossman: So I am saying we should try things questionnaire with hundreds of questions on it that like Google Health. We should try these things. We you have to put a team on to answer. Then you go should try smaller things. into competitive dialogue, and I will not bore you with Martin Rice: I agree with you to a sense. We spend all the steps, but instead of looking at it in terms of £6 billion and we are always five years off NHS how we could do this in the quickest possible time records. It is a pig in a poke. The whole idea of agile with the least amount of risk, it tends to go in a pattern development or iterative development is to get that is unchangeable. Intellect, in particular, worked something that is good enough out there and then see with Government over the last four years to come up what the citizen needs; let’s do a bit more. with some really clever ways to streamline the process, bring in more SMEs, do all the things that I Q189 Chair: We will come to that later. think we want to do, but, honestly, what we lack is Martin Rice: That is the idea of Google. It might go the will to change. into meltdown but at least it is there, it is working and David Clarke: The procurement process in the UK at we can make it better. It is adding value for the citizen the moment is based on sound contractual and it is not just an open cheque book for unbelievable arrangements to deliver low risk and value for money large sums of money for ever, until we cancel it and though open competition but to get there, we have a say “Yes, that is fine.” very complex, time-consuming, process that is expensive for all parties, which ultimately favours Q190 Greg Mulholland: Perhaps to take the heat off large suppliers. Increasingly, because the cost gets so the industry for a minute, which might be welcome to great, there are fewer and fewer suppliers for each you, can I ask you to turn to the specific rules around project. We have a system that says that we are going the procurement of IT systems? The average to end up with one or two big suppliers being the only procurement exercise takes 77 weeks, which most ones who really can bid. The public/private people would regard as quite extraordinary as well as partnership contracts make it very difficult to change clearly unacceptable, and which reflects badly against suppliers and if we go down that route, we absolutely other nations who have some of the same rules—it is buy-in to a partnership with one organisation that not about the EU rules although they may be part of makes it very difficult to change in the future, with no it. What do you think are the specific problems about real flexibility. The UK public sector also outsources the Government procurement process and how would far more than any other public sector in Europe; that you seek to reform that to make it quicker and better? is for sure. We outsource far more than anyone else. Sureyya Cansoy: Procurement is both a complicated You will find that very few European governments and a very simple topic. We have been scratching our that outsource much at all, but we do. That heads for the last five or six years, together with our outsourcing process again passes the knowledge and colleagues in Government, trying to understand the the expertise to suppliers so we do not have it within causes of that delay in procurement and trying to Government. All of that limits Government’s ability understand the things that actually make public sector to change the process and to understand what it is procurement costly and complex in the UK, and then being offered. So there are some fundamental issues seeking to find answers to those issues. One of the around procurement. biggest problems in relation to procurement in the UK Martin Rice: It is a very big question. It favours a is, going back to something I have mentioned before, certain scale of companies because Government is there is not enough preparation on procurement before procuring in the big. Over the last couple of years, a Government department or agency goes out to EURIM Intellect and different groups have looked at procure and publishes its contract notice. They don’t what they do in Europe; there has been a belief that spend enough time understanding the art of the the UK adheres to the rules far more strictly than other possible, they don’t spend enough time thinking about countries. There could be a lot more flexibility there; the business outcomes that the project or programme it is our interpretation as a country that means it ends is trying to achieve, whether technology can deliver up being that long. EURIM sent out a delegation to it, whether they have the budgets, whether they have the Dutch Government to find out what they were senior buy-in from the Department etc. So what doing because they were deemed to be better, and the happens is that you start procurement and then you comments back on the minutes of the Euro meeting spend a lot of time during your official, formal were that the Dutch laughed when they realised the cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 28 Public Administration Committee: Evidence
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy scale of the projects we do here. They consider player can afford to invest in these very tough times, €30 million to be a huge project and I believe there so it is competitive. were only three or four projects over €30 million; they still felt that they were not doing it right but they Q193 David Heyes: I would like to bring us back to could not believe that anyone would procure such big this intelligent customer point which has come out projects. The other side is that the real innovation over and over again in the evidence so far. Mr Rice tends to come from small organisations. This is not an was exhorting Government to behave more as an SME issue, it is that people tend to leave big intelligent customer, and David Clarke said something companies because they have an idea to solve similar. But Janet Grossman, you used to be part of something; they set up a small business and you get the Government’s intelligence, how can we get you elite people working together solving a specific back? Can we afford you? What should we be doing? problem. The route to Government is through the Janet Grossman: The happiest time of my life was systems integrators, and the reality of the situation is working for the UK Government, helping citizens, and that you will be engineered in to the procurement to I live for that. So taking the personal out of it, win the bid because, as part of the procurement, the peppering the UK Government with a few people who Government is saying, “Show us the innovation”. You have the will, the desire and the expertise will make are then almost guaranteed to be engineered out once a huge difference. In the current economic the systems integrators win it, so many SMEs now environment, it is not popular to bring in experts on just don’t bother getting involved. Where the anything, but if you were going to spend a few bob innovation that could make a difference could be on experts, you would do it in the area of procurement brought forward, it won’t ever make it to the project and being an intelligent customer. That is my opinion. itself. The simplistic answer is, buy in the small, and Martin Rice: I agree with everything that you say but don’t assume you have to buy in the big; it is not that the only thing I would ask is, how do you give that complex, and it is a con. You have 70 million citizens person teeth? You need the passion, you need all the and there are global companies dealing with hundreds things that you said but you have to give that person of millions of customers in a very complex way and the ability to drive something through and if they say they do not have anything like the budgets that you it is happening, it is my way or the high way, if it is spend. Do just close the cheque book, procure in a decided that that is what you are doing, and you are different way. going to do it differently, they cannot hit closed doors or bottlenecks. Q191 Chair: It is very attractive to Government to David Clarke: I totally agree, you cannot afford not just close the cheque book. to. You have to do that, almost at whatever it costs, Martin Rice: But you can. You really can close the because you are spending a huge amount of money cheque book. The same supply chain won’t, but a down the road on implementation and a relatively different supply chain will stand up and you only pay small amount of money getting the right skills in Government to manage that properly first. That would for what you use. save a huge amount of money down the road. You Sureyya Cansoy: On the Dutch reference, what is cannot afford not to. really interesting is that we have had various Dutch, Janet Grossman: The other weakness Government French and other EU delegations visiting the UK over has, which hasn’t come up in any of these papers, the last few years because there are certain things is programme delivery. Because you outsource your about the way that the UK does Government ICT that programme delivery work so much, there is no-one on other countries think they can copy, believe it or not. the customer side to watch out for what is going on For example, I mentioned Concept Viability, a service internally, and that is another area where you have let that is offered by Intellect, and the Dutch Government too much go. is implementing the concept of Concept Viability— David Clarke: I just remembered an ancillary point which tests the viability of your project before you on procurement. One of the things that worry me a lot start procurement—in their country. If we have these is the lack of career paths now in this profession in kinds of tools that other countries are copying, why Government. So much is outsourced; that work used are we not using them? to be the career paths of people coming up to become those excellent, knowledgeable people at the top of Q192 Greg Mulholland: It seems fairly clear from the tree. By outsourcing a lot of the stuff that you do, what you have said and two of you specifically you don’t have that career path within Government mentioned it, but do you all agree that the current and you have no choice but to bring people in from procurement procedures effectively lock smaller the private sector because at the moment, you cannot outfits out of the process? bring them through. It makes sense to develop people David Clarke: Absolutely and over time you will have that career path back but Sureyya Cansoy: Yes. We actually asked a small you do not have it right now. sample of our members before this Committee Hearing how much it costs to bid for a major project, Q194 David Heyes: Let’s develop it a bit further, just to get a feeling of the costs associated with it. It what particular skills are they? What is the skill set can be as much as £2 million for each supplier to bid that we need to get back into Government and how for a complex ICT project in Government. That is not should the Government go about achieving that? an amount that an SME can afford to invest and, There is the question of costs that will be difficult, actually, it is not necessarily an amount that a larger there is the question of ideology as well, because of cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 29
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy the very powerful ideology that private is good and what it should cost and how long it will take. If you public is bad. How are you going to effectively get get that intelligence built in, you will have successful those important people back into the public sector? projects. Part of the lack of success is due to David Clarke: Ideology is not the problem. People do unrealistic expectations set at the beginning. not feel that working in the public sector is a bad Janet Grossman: For me the elephant in the room is, thing, quite the opposite, but it has to be the right under the noble intention of fairness, the Government skills, and those people have to be empowered to do does not feel able to bring in people to brainstorm the job. That should be strategic planning and there is and workshop ideas prior to policy coming alive or no such thing as an “IT project”, these are all business whatever, because they are afraid that others will change projects enabled by IT. So you really need complain they were not involved. In the private sector people to understand the business change element and you are free and open to say, “You seem to know how IT can deliver that. There are lots of those people something about this, we are thinking about doing around but it is really important to have business this, what about that? You do too”, but because of the change managers, programme managers and enough noble intention of fairness, you either have to invite business and technical skills to know how to get the everybody in or nobody in and you err on the side of best out of technology, what the right technology is, nobody in. when to go agile and when not, and what the security risks are of doing one or the other. Those sorts of Q196 Chair: But we have this Technology and skills need to be central and they need to be managed, Business Fast Stream in the Civil Service now, and but then the delivery can absolutely be done in the none of you have mentioned that. I am told that there commercial market place. You need people that can is a zero attrition rate from that which must mean that monitor what is going on in these projects; people it must be a satisfactory job because they are not paid who are knowledgeable enough to monitor what is as much as people in the private sector. Do you rate being delivered. So there is a whole series of skills this? but you don’t need a huge number of them; you don’t David Clarke: Yes need thousands of those people, you need a number of them who can control the delivery. I think that will Q197 Chair: And is it producing good people? dramatically reduce the cost of delivery. David Clarke: It is, but nowhere near enough. Martin Rice: I agree with what you are saying about that person being there from the beginning to the end. Q198 Chair: Is it a programme that could be called David Clarke: Absolutely up? Martin Rice: Not leaving half way through and going David Clarke: Absolutely. somewhere else; that is not what you mean by career development, you need continuity. The main thing I Q199 Chair: And you would very much welcome would say is, profit is a dirty word but Amazon’s IT that? is really interesting because they don’t have an IT, David Clarke: Yes. they distribute things. Everybody involved in IT is Chair: Moving on. focused on driving the transaction costs down, otherwise there is no profit and Government does need Q200 Paul Flynn: Ms Cansoy, you used the profit. You take a certain amount of money from the expression, “Concept Viability”, which interested me. citizen and anything you don’t spend on IT goes to I was reminded what Cecil B DeMille said: “Before frontline services. You need the people who think that we make a new film, someone should read the script.” way round, looking at how you can reduce the The idea of people coming from Holland to tell us transaction costs, looking at what other people are that, before we embark on a concept, we have to make doing in the industry and how you can learn from sure it is viable—do we really need to be told that? that, not understanding IT that much but having that Sureyya Cansoy: It is actually a UK initiative; it was mindset of: if I make that saving, there is more profit something that Intellect launched with the Office of to give to frontline services. Government Commerce in 2003. What colleagues in the Netherlands are doing is copying, with our Q195 David Heyes: Can I just link this in with the permission, the same initiative in their country point that virtually all of you have made about because they think it is a very simple and neat idea to involving industry early in the contract specification? use the collective knowledge and expertise that exists Are you saying that is a substitute for the lack of an in the industry to test the viability of an idea before intelligent customer or is that in fact the intelligent you take it too far. customer role? David Clarke: It is the intelligent customer role. If Q201 Paul Flynn: But is that not stating the bleeding you do not have them, then by definition, you obvious? I don’t understand; would you get some outsource it to a supplier and I think that is not the special people in who were experts in Concept smart thing to do. You should have those in Viability to find out whether what you are doing Government and if you do not have them in at the makes sense? beginning, then that will have a serious impact on the Sureyya Cansoy: The way Concept Viability works is costs of the project, the time it takes; expectations will that you take a specific project or programme that you not be set properly at the beginning if you do not have are working on, you bring a group of about 50 or 60 that expertise in early. People will be guessing at stuff technology companies together and you ask them a rather than really knowing what it will actually cost, number of specific questions about the project or cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 30 Public Administration Committee: Evidence
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy programme. So for example, “Is this doable? Has it Sureyya Cansoy: The first question that we need to been done elsewhere? Are there any lessons that we ask, which David and Janet touched on earlier, is: can learn? Can technology deliver this? Are our what are we trying to achieve? Take the HMRC Tax budgets realistic? What kind of commercial Self-Assessment Service. The starting point for that arrangements should we be following?” Intellect then was: “Okay, we need to make the service more takes that collective industry feedback and presents it convenient for citizens so they can do it 24 hours a as the industry response to the Government day, they can put their details of their finances on this department or agency. It looks quite obvious; you online form and their tax gets calculated would think that people would say, “Actually yes, that automatically”. It is a great convenience and it is is very sensible, we should be doing that”, but you do saving HMRC money at the same time, so you need not always get that. to start with the business outcomes that you are trying to achieve first and then look at the technologies that Q202 Paul Flynn: And the comparison with are out there to help you do that. That should be the Amazon: we talked in the past about Tesco; these are starting point. huge organisations with very rare errors of one in David Clarke: I remember talking to a senior civil 10,000, whereas comparatively the Health Service has servant a couple of years ago about this area and they errors of one in 10 and so on. Are there differences said that, when they are developing the detailed policy there? I apologise for coming late and if this has been behind an idea they have been given, they always ask covered earlier. There does seem to be a great gulf the Treasury about the financial situation; they always between what happens—with the enormous waste, the ask the lawyers about what is legal; and they never huge amounts of money that are being paid in the think of asking the IT people about what is possible. public services—and the often dire results that come That is always done as an add-on later and it may be about. that even more would be possible if they asked earlier. David Clarke: Can I maybe come back to Connecting It may be that what they are asking to do simply for Health? We did a report in 2006—Concept cannot be done. To leave it late means that it almost Viability—that said that the basic concept of that certainly will not get delivered because IT simply would not work. BCS is quite unique in that we have, enables the project. It is not the be all and end all in a number of sectors, combinations of experts users within itself; it has to be a subsidiary of the business and, in this case, medical people and the IT change. implementers in the NHS; we brought all those people together to look at what was being proposed. We did Q204 Paul Flynn: Are Governments a soft touch a report there that said that this concept, which is one because of the ignorance of IT by civil servants and big, central system, simply cannot work. That was politicians. ignored and so a couple of years later we had another David Clarke: I don’t know that I would say “soft go, and that one was ignored. The idea is that you do touch”. need to look at concepts and the viability of concepts. This was a Government policy to do things in which Q205 Paul Flynn: Well you made the point about the it seemed that the only way of implementing that large amounts of money that have been spent on policy was to have that central system. That absolutely projects that do not work. was not the case but, even if it were, would that price David Clarke: I don’t think that the Government have be worth the policy? And to have one central database the skills across the board, at the moment, to get value of everyone’s record, when 95% of health interaction for what they are investing. They are investing a huge was within 20 miles of where people lived, was just amount of money and they should get a lot more nonsense. We put all of this stuff in the report. So value. there is a need on some of these projects to stand back and take a look at the concept. Q206 Paul Flynn: If you were down in the Dog and Sureyya Cansoy: If I can just very quickly mention Duck with a Minister, enjoying a pint of lemonade one example of a small pilot project that used Concept amongst yourselves, what would you say to them? We Viability about six years ago, at the end of the have a new Government full of reforming zeal. They Concept Viability exercise, that Government are Maoist—they want to revolutionise the system and department realised that they did not have the budget do it yesterday. What is the best advice you could give for that project and it was not doable. They took the them in a few short sentences? sensible decision not to continue with it for a saving David Clarke: Get the right IT skills, and that is not to the taxpayer of millions of pounds. the technology, it is as much about the application of IT to the business. Get somebody who knows your Q203 Paul Flynn: We are just in the middle of a business, knows what is possible, give them the census on a biblical basis of the entire population authority that you give to the finance and legal people when we know could get almost as valuable a result to incorporate that. Get them in early, listen to them if we took 0.1% of the population and examined them, and you will get projects delivered on time and to but we seem to carry on doing these things. Ms cost. Cansoy, in Intellect’s evidence, it states that Janet Grossman: Being a bit provocative, I would technology currently tends to be considered separately tell the Minister to get involved and to take personal from business change. What does this mean? How responsibility, understand what business drivers are in would you change the way Government behaves as the system; if a Minister stands behind a policy, it far as that is concerned? gets done. If a Minister stands behind a really good cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 31
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy innovation, people want to do more of it. It is really them forward, they have signed contracts to say they hard to be a civil servant these days; nobody tells you will. Facebook is an interesting example; they that you are doing a good job in the newspapers. So I developed some software called Cassandra. It is a would tell the Minister to find pockets of innovation, globally scalable database, they decided they did not to love it like mad and to be really tough about want to own it so they put it as part of the Apache accountability, but also to be accountable themselves. Open Source stack. It is available to the world and it has a very large group of developers working on the Q207 Paul Flynn: The tendency is for Ministers to code. It is a brilliant piece of software and it is free. run a mile when things go wrong and to put their civil Now it is not free, because you will pay people to use servants up to explain, as far as this Committee is it, you will pay maintenance support, but you are not concerned—take Tax Credits and so on—but do you locked into an adversarial relationship. think the Ministers, of all Governments, are defective in this in not taking a personal responsibility? Q210 Chair: How is that parallel to a patient record Janet Grossman: It is mixed. system or a system delivering a tax disk for my car? Martin Rice: The patient record is a really interesting Q208 Paul Flynn: Do they really know what is one. Rather than building this massive database, going on? which is going to cost billions, the way that Facebook Janet Grossman: It depends on the kind of works is that they can access any record anywhere in department it is; it depends on the background of the the world, and it comes up like that. The way that Minister, whether they come from a public service Cassandra was developed, as an example of it, was to background or not, and it also depends on the nature allow them to do that. So these have been produced of the challenge. If you have a really big challenge with that specific type of access to data in mind. going on, they get more involved than if it is business as usual. Q211 Chair: What about the security problems? Martin Rice: Simply put, it is a guardian on detail. Facebook is notorious for its lack of security. You get clever people, and they produce a fully Martin Rice: That is beyond the scope of today to go working system in two days that might be completely into that, and I believe it is a red herring. If you were what you didn’t want but you will be wonderfully to take a copy of Facebook and say, “Let’s use it for capable of telling them it is not what you want when Government,” it would be unsuitable, but that does you see something that isn’t it. Alternatively, we could not mean the underlying technologies are not capable all sit there and do a nice big report that nobody reads. of delivering this. It is a red herring. Just do fast, iterative spikes—it doesn’t matter that it is not scalable, and it doesn’t matter that it hasn’t got Q212 Chair: And is the lack of Open Source security. Is that what the citizen wants? You can do it development a reflection of the protectionism in the in days and then you can start saying, “You have industry? totally got the wrong end of the stick,” and you can Martin Rice: I believe so because it is used, get everybody involved and get the stakeholders in. pervasively, everywhere else. But actually build, fast, iterative systems and throw them away. Q213 Chair: I only use that because I feel you need At Erudine, we follow a process of quest; if we are to put your side of the story forward. not sure how to solve a problem, we get two or three Janet Grossman: My company, CSC, does not teams of two people, and we give them half a day to develop anything without the use of quite a lot of go away and get creative—there is not a wrong way partners. It is a myth that we are using less Open of solving it. They then come back and we will Source than we think. We have a lot of Open Source discard one or two of the routes. We might have two in government; it is surrounded by security measures weeks of development and then we choose one. We that obviously we don’t want to talk about in a public don’t predetermine from a big report, we just keep forum. It is getting to be part of our real world more looking and saying, “That is getting closer to what we and more. Dare I say, looking at the age of myself and think we need”, and then you are on the right track. some of the people in the room, it is a generational So we don’t waste millions because we waste a few thing as well. Those of us who grew up in the IT tens of thousands doing experiments, and then you industry do not really fully appreciate what is out know that you are on the right track. So in the pub there that could be rapidly deployed, so we have to with the Minister, I would be saying, ‘Start funding look ourselves in the mirror as well. But I think you more of things like the geek cells, and get more people would be surprised to see that more and more of even who can do these very quick systems who can ask, ‘Is the big SIs are using Open Source, Open Standards in that what you meant?’ and get everybody involved in their cloud applications in particular and we need to analysing your systems and, if they work, use them”. be better at communicating that. Sureyya Cansoy: If I may add to that, Intellect has Q209 Chair: Just moving on, we visited Facebook both Open Source providers and proprietary software for example, they use Open Source software and they providers in its membership and, whenever we talk to now have 500 million users. Why are Government so members about it, Open Source providers say, “Yes, resistant to this method of working? we would like to have a level playing field when it Martin Rice: It comes back to Mr Halfon’s point. You comes to doing business with Government” and we go to the systems integrators, they have tier-1 are strongly behind the message that Open Source relationships with certain suppliers; they have to push should be used where it makes business sense, where cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 32 Public Administration Committee: Evidence
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy it is the best solution for the problem we are trying to services. The key thing about agile as I see it though solve and where it provides the best value for money. is that the user gets what they want. The key thing But at the same time, there are solutions where there there is what Mr Flynn was saying about the business is a mix of both proprietary and Open Source rather than IT. It is not even the business; if you are software, so often Open Source is hidden in a more building an IT system and someone is going to use it complicated solution provided to Government; it is in a Jobcentre, talking to a vulnerable person, what not always the case that it is not there. does that person want? Not what did the Minister want, but how do I make their life, sitting and Q214 Chair: Is there just one more thing Mr Rice? interacting with that person, easier? That is the person Martin Rice: I am yet to find Open Source to have a who agile wants to sit and help with the development; salesman who takes everybody out to lunch. A lot of the user, the people who actually interact with it on a procurements are sorted in the wine bar, over lunch or day-to-day basis. There is a standard joke in the on the golf course, so I see that as a problem for Open software development industry that you bring the user Source systems with very good software out there. in at the stage when we have finished. You very rarely bring them in right at the beginning and say, “How do Q215 Chair: So Open Source is alien to traditional I make your job easier?” These people, who do the commercial relationships. front interaction, probably know more about how to Martin Rice: A friend of mine was an MEP a few make savings to the business process than anybody years and said as a tongue in cheek joke, “Microsoft back in Whitehall or the big IT company. had a bigger delegation there than most Member States.” So the Open Source community did not have Q219 Chair: Okay, so what skills does Whitehall a large delegation there and Microsoft keeps the need? stranglehold. The word that was used down there is Martin Rice: Learn the principles of agile. key. There is also a big difference between Open Source and Open Standards, and Open Standards are Q220 Chair: You just need people to learn them? far more important than Open Source because it sets Martin Rice: Learn the principles of agile from agile a level playing field. It really does not matter, whether development companies, not from the current it is closed source or Open Source is actually a oligarchy, because they are not experts although are misnomer; anybody can interact within that set of starting to read the manuals and say, “We can do rules. agile.” I was really interested in the transcript from last week’s evidence session when one of the people Q216 Chair: And this relates of course to agile said that he could do agile within waterfall. That is a development as well, which you have been referring fundamental misunderstanding of the point of agile to a lot in your evidence Mr Rice. Why do you think and it is dangerous that that is on record in it is not in the interests of large suppliers to promote Government. If you want to know about agile, talk to agile development? people who are delivering agile projects, do not talk Martin Rice: The Agile Alliance started 10 years ago; to people who are not. the 10th anniversary is in June. We have been an agile development house since it started. The purpose Q221 Chair: Can big business deliver agile? behind agile as we see it is there is no lock-in and Janet Grossman: Yes. I am amused here, because no pre-determined outcome. You just have a vision when I was in DWP, the Pensions Transformation working with a partner and that it is a true partnership. Programme was all bottom up and delivered by the But you are starting on a journey of saying. “We will people who were using it and two big companies give you a working system every month which will delivered agile; that was four or five years ago. We be better than the last time and then we will all get are painting too much of a brush one way or the other. together and decide what it will be” but at any point, We have a long way to go in the big contracts because you can stop the contract. Big companies do not like some of the big contracts are over specified to not be that; they want five or 10 years’ lock-in. Agile has as agile as they could be, but it is happening more been there, and it has been proven to be a very robust, than you think and agile is out there. Just to be a little professional methodology. bit provocative, the problem with agile is, if you are not careful and you are not an informed customer, it Q217 Chair: Would agile have the effect of can be the never ending change project so I will just fragmenting the industry? say that you do have to put some brakes on it at times Martin Rice: Sorry, what do you mean? and I will leave it there. Martin Rice: If you look at agile from a certain Q218 Chair: At the moment contracting processes perspective, you are right it can be never ending, but have militated in favour of the consolidation of the the purpose of agile is to reduce the cost of change. industry because, if you are a big company, you buy The whole purpose of agile is to make change easy. another big company and you get more share of the Lord Erroll has a lovely phrase; he says that it is the market. But agile development would have the reverse job of a systems integrator to extend the problem, not effect wouldn’t it? solve the problem. That’s a waterfall; it is a Martin Rice: Yes but if Government continues to get throwaway comment. It is the purpose of agile to the big, you will always get the big company. If you simplify the problem and reduce the cost of change. start buying in the small, it suits the small, agile So yes, you keep working on it because the world development to produce exceptionally good, smaller iterates. Facebook did not have a document saying, cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 33
15 March 2011 Martin Rice, David Clarke MBE, Janet Grossman and Sureyya Cansoy
“Let’s build Facebook, job done, go away”; what they from that business. It does not fragment it; I don’t do is say, “How can we improve the service?” It is an think they are there now. The smaller companies are iterative, constant change and it is cheap. more agile but the big ones will not leave that alone if that is how you demand certain projects are Q222 Chair: Mr Clarke, you are going to get the developed. last word. Chair: Is anybody else burning to justify anything David Clarke: Thank you. It do not think that it that they feel they need to justify? Well I am very fragments the industry. In the end, if the Government grateful to you all, there have been some frank can become an intelligent enough customer, the exchanges; one senses an electricity in the air, that is customer is king. If you demand that, then the big what we wanted. It has been very informative for us, suppliers will respond and they will not walk away thank you very much indeed.
Examination of Witnesses
Witnesses: Adam McGreggor, Rewired State, Andy Burton, Chair, Cloud Industry Forum, and Jim Killock, Open Rights Group, gave evidence.
Q223 Chair: Welcome to our new witnesses. Perhaps but also the service users, such as childcare you could introduce yourselves for the record. practitioners, what they actually needed from these Adam McGreggor: I am Adam McGreggor, the Chief systems. So IT was really being regarded as a solution Technologist at Rewired State. I should declare an in itself. So the first step was to ask “Who is doing interest here; if I don’t, it could crop up that I the work? What work are they doing? And what do co-signed the Constitution for NO2ID and remain the they actually need?” So then whether IT fits into that Technical Director of NO2ID. is a completely secondary question. I don’t know if Jim Killock: I am Jim Killock, I am the Executive that makes is a little bit clearer. Directive of the Open Rights Group. We are a Andy Burton: There are two ends of the spectrum we citizen-based organisation that campaigns on human need to look at with this; first of all, if IT does not right issues in relation to digital technologies. serve an organisational purpose then, arguably, what Andy Burton: My name is Andy Burton. I am here as is its function in life? It is there to achieve an the Chairman of the Cloud Industry Forum. We are a objective and that objective is not to self-fulfil and not-for-profit organisation made up of members deliver it by IT, it is to achieve an organisational representing the broader technology industry and our objective. Listening to the earlier session, it also aim in life is to try and make it easier for consumers seemed to me that we risk lumping IT into this and technologists to meet minds. homogenous mass that only has one procurement model, which is outsourcing, and there is a risk that Q224 Chair: Did you all sit through the previous in looking at that as a deployment procurement session? method, you automatically lock in certain Andy Burton: Yes. philosophies around how you build software, how you Chair: That is very useful. In that case I shall not deploy software and how you manage software. We repeat my own declaration of interest. were mentioning about agile computing and things like that briefly, and it seems to me that the challenge Q225 Greg Mulholland: Good morning. Can I start is that is has to be serving an organisational or with you Mr Killock? I am going to ask all of you to Governmental objective for public purpose, but the comment but in the evidence that the Open Rights way in which it is procured needs to look at the Group supplied, you said that, and I quote, “Viewing elements where cost waste is incurred. There are IT as a standalone area for policy is a bad idea”, and issues around hardware and scalability, software— we are very aware that this is one of the big challenges how it is built and whether it is licensed or not—and of how this is done. How do you think IT could and the way in which it is managed. You need to look at should be integrated into the policy making process? that whole spectrum and there is not enough rigour, I Jim Killock: It needs to come further down the line. think, given to how the solution is procured because The evidence that I presented to this Committee is the method of procurement today typically advocates mostly based on a series of seminars we did which a lead organisation defining what sits underneath. looked at various big IT projects that were causing a Adam McGreggor: I endorse both previous speakers’ number of human rights issues from things like ID comments really, regarding a top-down position and cards through to health projects. But what really not actually considering design for the people using struck us when we did that work and we talked to the the service, whether they are the end users or those practitioners is that IT solutions were essentially being actually keying in the information, who are possibly thrown at services. Services, such as in child safety, very crucial in this sort of thing but are often left out. would be told, “Here is the next thing that you must It is all very good to implement IT systems but is deliver and therefore everyone must have information there always a case? The answer is: is this a technical about children to the nth degree”. And these projects problem or is this a social problem? I would look at were essentially being imposed in a rather top-down it from those sorts of direction as well and consider is way so they totally failed to really ask both the end as an all-round process, not just ongoing. There is users, perhaps in this case the children and parents, always this wonderful thing of continual cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 34 Public Administration Committee: Evidence
15 March 2011 Adam McGreggor, Andy Burton and Jim Killock improvement, which is the other thing rather than just you tend to look at a solution as a complete turnkey doing it. As we heard earlier our rigid framework does rather than saying, “Okay, it has got to fit within this not allow scope to change and 77 weeks is an model because we are going to use that capacity that immensely, ludicrously long time just to deliver a we have now better.” And so because you are buying project. everything in a vertical stack, you are not getting the benefit of the investment you have already made. Q226 Greg Mulholland: And do you think that, as Jim Killock: The question needs to start off with: part of the procurement process, the Government what are the Government trying to achieve? Just to focuses too much on the procurement of new systems take a quick case study, we have been involved in and technology rather than thinking about how they looking at the consequences of certain sorts of will actually be used and the data that the systems systems rather than at the detail of how they got will hold? procured, and we ran a campaign about electronic Andy Burton: I would say it is both of those things. voting. We got involved in electronic voting as an The fact that it is a silo procurement, i.e. you have issue because, to us, it was some significant issues Departmental projects, institutionally leads to looking about democratic accountability, because you are for a solution for that particular purpose, almost trying to bring together certain things which are nearly ignorant of what else is available across the impossible to bring together-—anonymity of voting, Government. The fact that there are 168 different data security of voting and transparency of the process. centres in Government today is a reflection of that. These are very difficult things to bring together. How do you make a process both transparent and Q227 Chair: How many? anonymous? It is actually very difficult in an Andy Burton: About 168 I believe. electronic system, because, most of the time, you are Chair: Different data centres. trying to account for what happens in transactions by Andy Burton: Yes. The point I was making in the previous statement is that, if you look at it, there are seeing everything that is going on, so it is very basic savings; regardless of who you buy solutions difficult to make something transparent, accountable from, at the end of the day they use computing power. and anonymous. But the Government started off from If you look at it, it is a standard fact that the average a position that they wanted to increase voter turnout computer or server is using 20% of the capability, so and just assumed that the answer was going to be if you are using 20% of the capability and you have technology. The policy process appeared to be, “What this replicated multiple times because you always technology might we throw at this? Electronic voting build software solutions that scale to your peak sounds good so let’s put that in the mix.” If you think demands; you are building capacity for your income about the question of how you increase voter turnout, tax returns on 31 January or whatever it is, but on the that is actually something about democratic other 364 days of the year, it is running at a lower accountability first and foremost and about whether level. people think who they are voting for actually holds power, and whether they are going to have any Q228 Chair: One of the interesting things that we influence. So trying to answer the question of voter heard, I think it was about Amazon, was that they sell turnout through technology might be entirely their data storage capacity for 11 months of the year inappropriate. Then when it got down to, “How do we because their peak time is Christmas, but Government make any of these systems work?”, the key problem do not do that. in technology terms turned out to be far less about the Andy Burton: That is why they have moved from method of voting—whether you are using an being a pure book retailer, which they started as, to electronic machine or a paper ballot—but far more to now offering a massive cloud as their product. But do with voter registration, which is a very mundane I am obviously not here to representative a specific problem but is causing lots and lots of issues around commercial agenda. The point I am trying to make is voter security and whether people really are voting, that when you look at procuring IT, the tendency is whether postal ballots are really secure and so on. In to look at the overarching solution, but Government a way, the Government led policy from, “Here is a actually needs to provide a framework for technical solution that sounds great that we’d really organisations to comply with. It comes back to the like to impose on our Departments”, rather than, comments in the previous conversation about the “What is our problem here? What are the best fits to participation of small businesses. If you actually answer that problem?” I cannot really say how provide a framework—going back to Open Standards, you have this initiative called G-Cloud running in Government stops using democratic, parliamentary or Government, which I do not believe has enough teeth other political whim to drive policy but it seems to yet because it should be providing a blueprint to all me that a number of the projects that we are talking Government Departments about how IT solutions about and criticising fall into that category. ID cards should be procured. You should be sweating your is arguably another. Would it have solved any real hardware assets, you should be running less data identity problems or was it actually far more about centres, you should be consuming less power and Governments appearing to look tough on law and there is no reason that someone who is delivering a order? What was really the driver behind that system? software solution on top of that, and managing it or Chair: I don’t think you’ve got any dissenters here. not managing it, cannot work on top of that Paul Flynn: It would destroy a lot of jobs in my underlying platform. At the current moment in time, constituency. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 35
15 March 2011 Adam McGreggor, Andy Burton and Jim Killock
Q229 Greg Mulholland: I wanted to ask a question Q230 Greg Mulholland: Any comments? on the IT card scheme so that leads very nicely on Jim Killock: I would just add that it is not the only from there, but I thank you for declaring an interest example of these sorts of projects. With ContactPoint, and congratulations to NO2ID for their excellent and the Government had a concern about child security, so successful campaign which I am involved in and they invented a database system to solve the problem delighted about. Do you think that, concerning the rather than talking to the professional childcare people whole ID card scheme, whatever people thought about and asking whether it really answers the problem whether it was a good idea or not, there were other without distracting them from their job because they issues that we can learn from? One of the interesting are busy filling in databases that are largely full of things about the ID card scheme was that it was a useless material on people who are not actually at risk policy idea and an IT solution all wrapped up together. of child abuse. Those are the sorts of problems that Do you think that one of the reasons that it was clearly you end up with, but I would just mention that there going to be unsuccessful in policy terms is because are a couple that are still carrying on, still in this vein. those policy objectives kept changing throughout the Summary Care Records are arguably in a similar vein, course of the development of the programme in itself, and the intercept modernisation programme is but also because it became IT driven rather than potentially a similar sort of massive IT project looking policy driven? for a problem—it relates to needle in a haystack-type Adam McGreggor: I will kick that off. On the policy cases of terrorism. That involves collecting all the objectives changing, if we go back to when I first got online traffic data of every UK citizen in order to involved in identity cards—which was when they solve a needle-in-a-haystack problem. So these drivers were still Entitlement Cards back in 2000-ish or so, and even before then going back to the previous and the things pushing these policies forward still Conservative Administration when the idea was being seem to be there. Intercept modernisation could be an mooted even then—it is actually quite interesting to incredibly intrusive and anti-human rights, anti-human look at the identity cards and how, as a piece of privacy, measure—the sort of thing that both the machinery of Government, they actually came into Conservatives and the Liberal Democrats were very fruition. There are some people who have even traced keen not to repeat. The fact that that is still somewhere Permanent Secretaries and Deputy Secretaries around in the Government agenda—or perhaps I should say departments to see how departments followed when the Department’s agenda—says to me that the civil the servants moved as well, so there is that objective. servants have not necessarily changed their view of It was kind of destined to fail from the start, with how they want to solve the problem. ever-changing policy objectives and as the solution, for the Government, for everything from terrorism to Q231 Chair: But can I just press you on this for a benefit fraud through to everything else. It didn’t second? If you have everybody’s emails, there are actually address the underlying problems in any way. search engines that can search that pretty efficiently, There was still this problem: if we are going to tackle aren’t there? benefit fraud then why don’t we look at the number Jim Killock: The idea of the programme is to store of National Insurance numbers in circulation the traffic data, who talks to whom online—so it is compared with those actually being used? Similarly, the e-mail headers that are wanting to be kept—or if we take immigration then why don’t we look at it who talks to whom on Facebook or who talks to from the other side of things, at those actually leaving whom in chat rooms. The problem is, of course, just as well as those inbound? So there are those aspects. collecting that data on the basis of no business case The policy change did not help at all. A golden rule but purely on the basis that somebody somewhere— is that if you are going to be delivering a service then it is useful for the goalposts not to continually be Q232 Chair: moved. So there is certainly that aspect of it. I suspect You might want to search it one day. that I am probably going to turn into a previous Jim Killock: Yes, that is not how our human rights witness here with the idea that I don’t think it was IT privacy is meant to work. We are meant to have a driven; it was driven by IT procurers, those consulting right to privacy until we are suspected and the use of and those involved in the procurement process, rather traffic data in law—like your phone records; who you than the whole industry. They had an interest, to make might have been talking to on your phone—depends lots of money for their shareholders, and they had the on the businesses having a case for keeping that data; perfect opportunity with a nice little system that that is why they keep it. They do not keep it in case would be used in every single Government building, the Government wishes to survey all individuals; they by, near enough as damn it, by every Government keep it because they have a business reason. The official: “We might as well build a system that will Government is able to take that data because they have universal rollout if it succeeds.” As your have suspicion of an individual and they wish to get previous witnesses last week have shown, if we hold of that for investigation purposes. It does not actually designed the system based on the card—the therefore follow that, if the Government wishes to Ministerial whim was making the card and then the survey people, it can just simply have a blanket database behind that—then we have that sort of issue surveillance of everybody in whatever case. So that is here: are we actually delivering for a consumer who how the balance in privacy is meant to work, but that is going to use it? No. Does it actually deliver any does not seem to be any part of this debate internally, benefits to the consumer—the citizen? No. Does it within the Home Office, about why the intercept make life easier for Government? Possibly. modernisation programme should be advanced. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 36 Public Administration Committee: Evidence
15 March 2011 Adam McGreggor, Andy Burton and Jim Killock
Q233 Paul Flynn: One of the things I see in your face-to-face and having dialogue. It can certainly biography, Mr McGreggor, is that you were allow people to arrange to meet up in a pub—while responsible for FaxYourMP, which nobody does any in the old days we would have used telephones or had more. What more successful things have you been regular meetings with people—to talk amongst our involved in recently and why did you want people to peers. It goes back to the public discourses and the fax their MP? foundation of coffee shops. Technology can help to Adam McGreggor: We built FaxYourMP almost by some extent but it is not the solution to everything accident. It was one of those things that came out of and that applies to social, political and economic a now defunct organisation group that, in some ways, technology. led to the co-foundation of the Open Rights Group: the Regulation of Investigatory Powers Bill. We had Q236 Paul Flynn: I believe that part of the hope is lots of people, lots of our friends, saying to us, “We that instead of a top-down approach from have to do something about this. How do we contact Government, there will be a parallel contact between our MP? How do we write a response? How do we citizens and that will take the place somehow of this actually get involved in responding to a Government authority down to the peasants. Is this a daft idea? Is consultation?” Many people did not have any idea and it a great concept? Have we suddenly become a few of us were working in this building at the time, post-bureaucratic or not? and those of us who founded FaxYourMP were all Adam McGreggor: To me, post-bureaucratic will not pretty activist and politically aware. So we thought, happen unless bureaucracy disappears. There is this “Actually, how can we get hold of these MPs?” If we wonderful oxymoron of post-bureaucratic, yet there is go back to 1997, if you remember, every MP had their still bureaucracy. pager. We initially thought of PageYourMP, with these wonderful 130 characters or something like that which Q237 Paul Flynn: Can we use IT as a magic wand people could use to say, “This Bill is bad, do not vote to make it disappear? for it”. So we ended building this campaign website Adam McGreggor: We could, but I don’t know and collated 5,000 opinions on why the Regulation of whether it would have the same effect. It is a question Investigatory Powers Bill was bad, the reasons why, of whether you go for your armchair expert or and we collated those into a response. Part of that was armchair auditor versus someone who has had 40 because people wanted to get in touch with the MP years in the field and is a proper expert. It is a and say, “Vote for this please”, or “Please read this”, provenance issue as well; the provenance of to whom or “Support this EDM” and things like that. We got you are listening, and whether the person you are hold of the information, contact numbers and fax talking to is in a position to give you sound advice. It numbers in those days because email was still in its is a trust issue as well. infancy in Parliament, and we built a website. Jim Killock: Thinking about how we might become rather more of a big society or rather more Q234 Paul Flynn: 38 Degrees are operating this very post-bureaucratic, there are three things that were successfully now; it is Write To Them in the present touched upon in the last session which are very form. Do you think that is has a long-term effect or important here; there is a question of Open Standards. are MPs going to be able to sort out who is lobbying Obviously the Government does not want to lock them? If they are the same people lobbying them on itself into very tight, closed and impossible to get out half a dozen issues, it would not be seen as vox pop by of relationships with software vendors. Open MPs; it would be seen to be people who are strongly Standards allow free competition on that sort of basis motivated in certain directions. and that goes through the whole of the software world; Adam McGreggor: That is the case with surgeries we understand this but it is still not being done. We though, as those who have a need contact their are all still locked into Microsoft formats for Members. We have merely made a little annoying tool documents, and it is understood that that is a bad thing which is slightly better than Parliament’s own and it is understood that those companies are probably offering; we at FaxYourMP and now Write To Them creaming off extremely large profits for very little have set it up that only your constituents can contact work but we are not really pushing that hard and fast you. If you visit the Parliament site 14 years on, enough. There is a second question around Open anyone can contact their MP, according to the 300- Source. Government spends a lot of money on IT; year-old tradition. I think I remember there was when it spends that money, there is intellectual something from Bagehot about that. property being created and that will potentially be Chair: How is this relevant to our inquiry? reused and resold back to the same Government, Paul Flynn: It is interesting though isn’t it? different departments or other governments elsewhere. Adam McGreggor: I was wondering that, By insisting that IP rights are made open, Open Mr.Chairman Source offers the potential for governments to retain control of those IP rights and not to simply be charged Q235 Paul Flynn: We are told we have just entered licence fees for things that they have essentially this post-bureaucratic age, which is an idea that I am already paid for many times over. So Open Source sure thrills you as much as it thrills us. Do you see can obviously enhance competition between different the concept of IT helping to lubricate our advance into vendors using the same software; it can get you better this brave new world? returns on your investment. The third question is Adam McGreggor: Yes and no. IT can facilitate and around open data which Adam just touched on. Open IT can enable. What it cannot do is get people talking data obviously allows people to construct markets and cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 37
15 March 2011 Adam McGreggor, Andy Burton and Jim Killock analysis on that data but it also allows people to hundreds of millions of pounds to deliver, they just do criticise Government and look inside what not have the ability to come forward and even to be Government is doing, and that is incredibly important. part of that consortium. The question about analysis is also very important; if we are going to make best use of open data over time Q239 Paul Flynn: What happens when the creation then people need to have the skills to analyse that of the post-bureaucratic age comes into conflict with information and there needs to be a dialogue about it, the Government cuts? The mythology is that you cut but we should not just assume that, just because open non-frontline services, and IT is seen as something data might lead to people coming to the wrong behind frontline services, and when cuts take place, it conclusions from that data, therefore they should not is 30% here and 30% there. Does it make sense to cut be given that information. That is an erroneous and IT by the same amount because it is not seen rather short-term approach. somewhere and it is not on the frontline? Andy Burton: We can only achieve this Andy Burton: What is the point of having hundreds post-bureaucratic ideal, for want of a better phrase, of thousands of servers running at the 20% capacity? if we don’t view IT as an outsourcing solution. The There is no benefit to the taxpayer, there is no benefit fundamental thing that I keep hearing again and again to the Government, all it means is that the way in is that we are looking at IT as something that is which it is being procured—although at the time of designed and built deliberately for a Government procurement it may have been legitimate—at the point department and managed by a third party. You have we are now, is no longer relevant. So would we rather got to look at the component parts. The technological save hundreds of millions or even billions of pounds world has changed so dramatically that we are still in the way in which we procure our IT, rather than trying to build things based upon archaic keep the method going? And by the way, we can then understanding of what technology is capable of. re-invest that, because IT services in this nation today Therefore the procurement process of making the IT do not do us justice, so even if you do not want to take uphold the bureaucracy is the wrong way round. There that estimate of £4 billion a year saving and making it is not enough new thinking; there are some great as a saving, you can reinvest it in the agility. initiatives like G-Cloud out there and there is some very low-hanging fruit, to use a horrible phrase, from Q240 Chair: But the astonishing thing that one of which the Government can save considerable sums of our previous witnesses has just said is “If you want money and reports have been written by organisations value, just turn off the tap”. Do you agree with that? like the Open Computing Alliance saying that there is Andy Burton: There is no point turning off the tap about £44 billion over a 10 year period, as a unless you are prepared for the drought, that be the conservative estimate as to what can be saved, versus way that I would put it, because you have got to say the £95 million that we are talking about at the where it is that you are going. Just turning it off will moment in time. mean that you are going to end up with chaos because you have nothing to replace it with at this moment in Q238 Chair: But what you are saying is that the time. Getting to the blueprint is not that far away and post-bureaucratic age is an essential component of the G-Cloud initiative is a very credible step in that harnessing modern technology. You have got to do direction. agile development to do Open Standards and Open Chair: We will come to that in a second. Source software. There has got to be a letting go. Andy Burton: It is not about ceding control, it is about Q241 Paul Flynn: There was great distress in the providing guidance to the market. It is actually the past about the loss of private information. There were other way round, I would counsel. It is having the tens of millions of people involved in the huge loss of courage of conviction to say, “This is what we need Health Service data. I can’t remember any single case as a nation, this is what we need as a set of public where data was found and anyone was harmed by it— services”. Just jumping back to the whole identity perhaps you know of some—but I am sure that the issue, that argument got lost with the manifestation of procedures have been improved in some way. What how to authenticate a person to their online identity. was the justification for the hysteria about lost The notion of having an online identity is not a bad memory sticks that took place when in fact very little, notion, and being able to reuse it multiple times rather if any, damage was done by those losses? than having to do it in every single system is a very Jim Killock: I don’t know if no damage was done. sensible philosophy. The problem is that there is a Have you got concrete examples? lack of tangible evidence as to what the Government Adam McGreggor: Of disks being found again? No. plan is. I would use G-Cloud as your best example and the Cabinet Office is on to a great thing there. It Q242 Paul Flynn: I don’t think they found any of is a very sensible model which allows for that open them did they? Being lost is one thing. standard to be deployed; it enables you to rationalise Adam McGreggor: I don’t know of any cases but it data centres; it enables you to break the provision of is still a case of: where is this data and what is going IT down into hardware and software and when you do to happen? A vaguely comparable thing is the that, you start enabling the SME, the entrepreneurial Metropolitan Police sitting on the News of the World organisations. As Mr Rice said in the previous session, phone-hacking data. There is a wealth of data sitting there are plenty of organisations out there that have somewhere and the content of it is a hissing time the intellectual capability. The issue is, if they can bomb waiting for the release moment if it is in various only procure in the solution that is going to cost hands. If it has just fallen down the drain then it is a cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 38 Public Administration Committee: Evidence
15 March 2011 Adam McGreggor, Andy Burton and Jim Killock case of what the damage actually is, where has it previous gentleman said—and you are only paying for ended up and, even before that, why it was being what you need when you need it rather than building transported. Why was it being transported and something that is for the 31 January tax deadline. It is transferred in such a way? that kind of philosophy. Without even worrying about Jim Killock: Some of that included bank details didn’t what the applications are, there is a huge saving there. it? I would imagine that anyone with bank details can Jim Killock: We don’t study these things from the engage in minor fraud of setting up direct debits and point of view of trying to deliver actual systems; we so on. are just observing what goes on. So from our perspective, what we see is that there is a huge Q243 Paul Flynn: But did it happen? Was the disjunct between the intentions of Government, what nervous breakdown by the Daily Mail justified on people within those Departments or projects need, and this subject? what then gets delivered or what these projects aim to Jim Killock: It was; whether or not concrete examples deliver. We also see the lack of expertise in in specific cases occur or not, the point is that if large Government. There were very good comments made amounts of data is getting out there, then it is a in the last session about the need for that sort of problem. It is certainly the case that, in certain expertise. We also experience that it helps instances, there has been a great deal of understanding when technologists are able to get in embarrassment, people will have been quite scared and talk to Government officials directly. The big and if your bank details are among 10 million or things for us are probably around releasing data and 15 million other people’s bank details that you know actually allowing Government data and Government have got out there, you know that is going to cause information to empower citizens. That is our worry to every single one of those citizens because particular concern, and we think that Government they do not know if there is going to be a consequence currently has the right approach about that and it or not. So worrying whether there is always going should go as far as it possibly can on that. However, to be genuine large scale harm to individuals is not in terms of the experience we have had of looking at necessarily the point, but if Government systems are the systems over the last five years, we would say that not up to the job, and they are creating risk and worry the Government has got to be very, very clear about for people, then that is a very serious concern. why it is doing things with IT and know that it has Chair: We must press ahead in the next 10 minutes. the right idea at its core, that it has chosen an objective I would just observe that it is like explosions at a that is actually needed rather than essentially driving nuclear power station; nobody gets hurt but everyone IT from a political priority that it has set. is very worried about it. Paul Flynn: I don’t think that’s true. Q245 David Heyes: Mr McGreggor, you have done Chair: Well, nobody gets killed by the radiation. some specific work on this, haven’t you? I understand Paul Flynn: There were 10,000 at Chernobyl. your hack days are designed with this in mind. Tell us Chair: Well obviously I was making a parallel. Mr about it. Heyes? Adam McGreggor: We have heard in passing from Martin Rice about hack days. I hate to correct a Q244 David Heyes: It is pretty clear from what each witness but actually these two day events were run by 2 of you have said so far that you do not think that Rewired State not The Guardian. A hack day is Government understands the potential of IT to change something that probably needs explanation here. the way it runs and delivers services and so far, the Essentially, within a given period of time, either 24 focus has been on automating existing processes. I hours, 48 hours or something similar, a specific would like to tease a bit more out of you and ask each problem is given, with some specific data, and by the of you to give some examples of how the Government end of that, depending on the number of participants could use IT to deliver services differently. You talked in the hack, you will see a number of prototypes about low-hanging fruit, so give us some examples. knocked up. So for example, you heard talk of the Andy Burton: At the most basic level, and forgetting Jobcentre ProPlus earlier, which involves Jobcentres even the applications that are being used, when you looking up and finding jobs close to you. These look at how IT is being delivered, you have effectively services are built up by keen developers on the basis got hardware, software applications—whether Open of a real need. There is actually a case for this, people Source or commercially licensed—and you have are actually going to use this; so it is built up from people managing it. Purely at the level of the way in the view of demand rather than on the basis of what which hardware is bought, consumed and used within Government wants, or what Government thinks it Government, by default, it is running at 20% of its needs. efficiency because of the silos, the way that the So that sort of approach to it results in a very rapid original technology was built, the fact that systems are process: prototype through to a fully-working designed to work at peak capacity although they do application in a very short burst of time. So that is not typically work at peak capacity and the fact that one of those things, but in order for those to function, every Department has its own IT approach. By as Jim mentioned, data release is needed. It is all very consolidating that infrastructural service, you can good to release past data, but live data will give release considerable capacity growth and you can developers a much better, much faster and a much realise considerable savings because you move away more realistic approach, particularly if there is from the capital-based investment plan into an 2 Note by witness : “Tell Us Once” (mentioned in Q188) was operational, pay-as-you-go delivery plan—as the the product of a Rewired State Hack Day. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Public Administration Committee: Evidence Ev 39
15 March 2011 Adam McGreggor, Andy Burton and Jim Killock something that you can tap in. So for example, Q246 Chair: We must bring our session to a close building a simple service for something like “When is but can I just briefly ask Mr Burton about how my bin going to be collected?” would rely on the Government can make use of the Cloud? How could Council providing up-to-date information because bin the Government make much better use of the Cloud contracts change occasionally, so there is the issue on than it does? that. Going agile, which we have heard about already, Andy Burton: I do not really believe that it is making can certainly help; you could not build a site or a hack use of the Cloud at the moment, or certainly not as a day using a traditional, project management, project conscious strategy. The G-Cloud is the formation of procurement tendering process at all; it just would not that and that initiative can provide a framework to the work. The idea for the hack day is that these things wider marketplace, bearing in mind that about 26% of come up very quickly, they are built and that is it. IT spend in the UK is made by public sector; it is a There is handover and so on to take it beyond there; major fault in the way that IT is shaped in the nation. so in our case, the intellectual property rights remain with the developers themselves, with the source code Q247 Chair: Does the Government need to own its generally being available so that people can add in Cloud? and build additional functionality. People can also Andy Burton: No, it does not need to own it at all. peer review the code so as to have some confidence in it to say whether it actually does what it says it Q248 Chair: So G-Cloud is not necessarily does. People will scrutinise other people’s code, be Government-owned infrastructure? competitive about it and come back with suggestions. Andy Burton: No, in its simplest form, G-Cloud That is improving in terms of waste by hitting at the should be providing the standard by which solutions very root of it, and the code that drives the site can be should be built and it should determine what data is collaboratively worked on. held and protected on sovereign soil. To go back to the question, it is maybe a bit harsh to say that the Government do not wholly understand the Q249 Chair: And it should be happy if its potential. Some Departments have got it right and infrastructure, G-Cloud, is used by other users for some Departments are keen. Certainly with our storing information, and for commercial use? It professional hats on, we are realising that Government doesn’t need its own exclusive cloud? departments want to run hack days; Government Andy Burton: It does not need its own exclusive departments want to go agile; Government cloud. I would counsel that there are probably some departments are thinking about how they can do stuff areas from a political and conceptual point of view— and how they can do it quickly. They go along with this idea of, “What can you do with our data? We do Q250 Chair: We won’t put GCHQ on the Cloud. not have any ideas, we have this wealth of data, build Andy Burton: Exactly. So there are issues around data us something, show us something fun, something that privacy, data security, and data sovereignty. They are ordinary citizens can actually make sense of. Show us the three key issues that the general public and what we can do.” businesses are concerned about. Jim Killock: It strikes me that, at the moment, a lot of the data sets that are being licensed or paid for fall Q251 Chair: And what do you perceive the barriers into two categories; one is basic infrastructure. When to Cloud to be? we are talking about information, things like maps and Andy Burton: If I go back to the tenor of this meeting, postcodes are really critical infrastructure, so if they a current barrier to Cloud is that procurement is not are being charged for, that is causing either social or geared up, at this moment in time, to even define how economic barriers to people really using data properly. those organisations move from classic outsourcing— The Government should identity those parts of data build a data centre, build a unique application, manage which really are infrastructure and critically important it 24/7—to building something and saying, “It had got to make sure that they are free and open to use. to conform to this standard; it has got to be able to Secondly, some of the data that is being charged for, work within this security framework and it has got to people have a tendency to license, which I feel is enable small businesses, from a software provision almost competing against the core purposes of those point of view, to be able to interface with local departments, businesses or Government functions. community group”, or whatever the case may be. The Take transport as an example; fair enough it has been lack of framework is the biggest disabler today, and privatised but the core business of train and bus that lack of framework does not advise and guide your companies is to get people on trains and buses, but it procurement process. is nevertheless quite difficult to get the data off them to advertise their services. So in a way, they are trying Q252 Chair: And presumably the existing to charge or license the data of their train and bus framework is reinforced by the existing contractual services, and that attempts to charge for the data and commitments. provides a revenue stream that actually competes Andy Burton: Correct, and something has got to give. against their core business of getting people on That is why I fundamentally believe that the initiative transport. Around a number of places where people of G-Cloud is very powerful; it just has not yet are trying to sell or license data restrictively, that is manifested itself in a way that is design first and quite a common feature. People assume that they can therefore procurement. The critical three things that I charge for data and go about finding new revenue am hearing are: on agile computing, I think we all streams when that is not really the point. agree that this prototyping and design is an important cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG02 Source: /MILES/PKU/INPUT/010970/010970_o002_michelle_PASC corrected transcript 15 March HC715ii.xml
Ev 40 Public Administration Committee: Evidence
15 March 2011 Adam McGreggor, Andy Burton and Jim Killock issue to involve in before you get into contracting; the Andy Burton: Than using Cloud computing. Correct. use of Cloud computing to get a least cost operation; Adam McGreggor: One of the things which should and the definition of Open Standards. be consistent with a G-Cloud is that data should be easy to get out as well. At the moment the trouble is Q253 Chair: And very lastly, how do you address if a Government Department wants some data out of those three qualities—privacy, security and their own systems, sometimes they could end up sovereignty—in the Cloud? paying a contractor their hourly rate3 to get the same Andy Burton: Bearing in mind the example that I data out, which is a problem when it comes to gave earlier, a lot of those issues about data leakage Freedom of Information requests and the limit on the were not actually around the central systems. They expenditure available. So if Government owns the were about data being left in briefcases or couriers not data, it can get it rather than paying a contractor to delivering it, and things like that. It was when data release its own data to it, which would then open up was in portable media that it was being lost. I would transparency even more. counsel that most data centre organisations, at least Chair: This has been a very helpful session. Are there the credible ones, will have very stringent security any other burning comments? Excellent. Well I am operations in place. There is a lot of fear, uncertainty most grateful for your help with this. It is difficult for and doubt about security in technology, and a lot of us lay people to understand some of this. I think your the scenarios we have seen have fed a public concern session has been extremely helpful in that respect, so that it cannot be done. I would counsel that it can be thank you very much indeed. done, but the issue is that you need to be clear about what you require of it, and those standards need to be enforced with any providers you use.
Q254 Chair: But we need to be far more concerned 3 Note from witness: evidence from Freedom of Information about people with memory sticks and losing their Act requests suggest that third parties may be over-quoting laptops. for these requests. cobber Pack: U PL: COE1 [SO] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 41
Tuesday 22 March 2011
Members present: Mr Bernard Jenkin (Chair)
Kelvin Hopkins Greg Mulholland ______
Examination of Witnesses
Witnesses: Mark Adams-Wright, Chief Information Officer, Suffolk County Council, David Wilde, Chief Information Officer, Westminster City Council and Martin Ferguson, Head of Policy, SOCITM, gave evidence.
Q255 Chair: I welcome you to this session about the Government policy in relation to IT and business Government use of IT. We are finding this Inquiry change or to Ministers. quite challenging but very interesting. Could you identify each of yourselves for the record? Q258 Chair: But is this not simply a failure of David Wilde: David Wilde, Chief Information Officer central Government to understand the resources that for City of Westminster. could be available to them if they were to open their Mark Adams-Wright: Mark Adams-Wright, Chief eyes and look? Information Officer, Suffolk County Council. Martin Ferguson: I think it is and again I go back to Martin Ferguson: Martin Ferguson, Head of Policy the PSN, Public Sector Network, example. There are for SOCITM and Associate Lecturer, University of assets out there, already in existence—why not reuse Birmingham. them?
Q256 Chair: Thank you for joining us. Mr Ferguson, Q259 Chair: Other witnesses have argued that the in your evidence you made it clear that you felt that real problem is the Government does not consider the central Government needed to consult local IT question during policy developments until they are government more about decisions about IT before already very far down the track with the policy. How making them. What would be the benefits of this do you think we should address that? close cooperation? Martin Ferguson: I think one of the ways in which Martin Ferguson: I would like to answer that by that could be addressed is by looking to local pointing to a particular example, which would be the government. The approach we take, which is very Public Sector Network. This was something that much of starting at the policy end of the spectrum, is: SOCITM envisaged in the late 1990s, in fact, and at what are the key policies in a particular area? What the time central Government was not a listening ear. are the policy drivers? What are the priorities that The issue arose again in the last Government’s ICT need to be pursued in terms of reforming local public strategy when the Public Sector Network was services and making local public services more proposed—so a secure network across the whole of efficient? We then drive the information requirements local public services and central Government public and business change around those policy priorities and services. The proposal was for a major procurement the technology to then underpin that, rather than of a national network. starting at the technology end of the spectrum, as we We were not consulted on that, but later on, as those would argue has been the case with many central things developed, the local CIO Council, which is a Government projects. body that SOCITM—the Society of IT Indeed, our concern, for example at the present time, Management—was involved with, put forward the is around the Universal Credit. That seems to be being proposal that actually we should be talking about a driven towards another big Government IT project, network of networks—in other words taking when we would argue that the best procurement in advantage of the networks that already existed at the terms of practice is at this what we call pan-local local level in local public services. In Kent, in level, which is a term we use in our response. From London, in Wales we have existing high bandwidth the work that SOCITM has done over the last 10-plus networks for the public sector already in existence, years in our annual IT Trends survey in local public and our argument was, “Well, why not join these up services, there is plenty of evidence that we get better on a national basis around common standards?” value for money than central Government does through big framework contracts and the like. Q257 Chair: So is this more an issue about Government operating to Open Standards? Q260 Chair: When you say pan-local, pan-public Martin Ferguson: Indeed so. We would argue that sector governance, what do you mean by that in terms there is a strong need for central Government to take of a governance strategy and our protection in a lead, but in consultation with local government. Our commissioning? Aren’t we just making things more issue is that we have this Local CIO Council that complicated for ourselves by trying to be too reports to a CIO Council—Chief Information Officer comprehensive? Council—at the national level. But we do not have a Martin Ferguson: I do not think we are because, direct line from local public services into the assuming that we have interoperability standards and development of strategy for implementing common standards in terms of architecture set at the cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 42 Public Administration Committee: Evidence
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson central level, we can then procure against those. The Government around particular systems, services and point is we do not have those at the moment. But if what have you, but certainly nothing strategic. we procure against those, by doing it at the pan-local level you are actually encouraging a degree of Q264 Chair: So you do not feel you are going to competition in the market that is not encouraged to have joint ownership of this document anyway? the same degree by central Government procurement David Wilde: No. contracts. Martin Ferguson: We do find it quite extraordinary that there is a strategy that I believe will be talking Q261 Chair: Encourages competition? How do you about Open IT, and yet the process for developing that mean? I do not understand that at all. strategy has been closed. Martin Ferguson: Our experience is that by working Chair: I think that is called an irony. at that pan-local level—so that could be at a county level for example—you are working at a scale that is Q265 Kelvin Hopkins: What you are saying sufficiently large for suppliers to be interested in the suggests that the Government is looking only to the work being tendered, and that then invites a number ICT companies, the providers of ICT, not the users, of interested parties to tender for the work. Because and the White Paper will be dominated by providers at that level we are closer to understanding what the rather than users. Do you think they are making a big policy priorities are for the particular locality, the mistake in that respect and they should be asking local needs of the local public services in those areas, we authorities and even Government departments get a much better tie-up between the client and internally what should be policy? suppliers—a better dialogue, a better understanding— Martin Ferguson: Our view from SOCITM is which all comes back to my point that, at the end of certainly that the track record of Government in that the day, we end up with better unit costs at that scale respect is not good, and we say that in our response. of procurement than has been the case with central We can go back to numerous examples, and I think Government contracts. you are well aware of failures of big Government IT projects that are, essentially, provider led, technology Q262 Chair: My next question is perhaps more for led. Our evidence from the local government scene is the whole panel. We know that the Government is quite the reverse. Our projects are business change about to publish an ICT strategy. Has local projects, they are business led, and the technology fits government been involved in or consulted about it? within that framework of the business requirement Martin Ferguson: Certainly, from the Society of IT within local public services. We would certainly hold Management’s point of view, we have not been that up as an exemplar of the way that we should directly involved at all. We have had, arguably, be approaching— indirect involvement in that until the end of December we had a representative from the Cabinet Office Q266 Chair: You think local government is much sitting on the Local CIO Council, and last July in fact better at this than central Government? John Suffolk, then Government CIO, asked the Local CIO Council to prepare a local public services Martin Ferguson: I would argue that, certainly, yes. perspective on Government ICT strategy; in other words, taking Government ICT strategy, how would Q267 Chair: And what is the evidence of that? you implement that in practice in localities in the local David Wilde: I think it is less about the end user; it is public services arena? We have been working hard to more about purchasers. I think the aggregate spend of develop that perspective. It is actually in online local government in IT is probably greater than that consultation at the present time and offers to central of central Government. I am fairly confident about Government a parallel to, as you say, the forthcoming that. Also, I think we have a much more diverse— Government ICT strategy. I am meeting shortly with but personally I do not think diverse enough—supplier Bill McCluggage, Deputy Government CIO, and base that we procure from. All of that is being missed Chris Chant, Director of Digital Delivery, to ensure if we are looking at an inward-facing central IT that there is a good fit between that local perspective strategy. and the forthcoming Government ICT strategy. Q268 Chair: In terms of there being Open Standards, Q263 Chair: Mr Adams-Wright or Mr Wilde, have the Government are developing Open Standards and either of you been involved in the formulation of this local government is not even being consulted about ICT strategy and what are you expecting of it? what Open Standards to have. Mark Adams-Wright: No. From my perspective, from Martin Ferguson: There has not been any Suffolk’s view of the world, which is a little different consultation so far. from everybody else’s just at the moment in terms of pace if nothing else, we have engaged in a number of Q269 Kelvin Hopkins: Does this betray an ongoing discussions and debates around strategic topics with suspicion by Government, by politics, that somehow central Government, particularly around cloud public institutions—particularly local authorities—are strategies and so on. It is very much a case of a not to be trusted, whereas the private sector can be discussion around a strategy that is happening, rather trusted? Certainly this was the case, I think, under than a collaborative effort. So, for me not very much. New Labour. I speak as a Labour MP, but not David Wilde: A short answer, no. I have had some necessarily New Labour. There was a deep suspicion point-to-point discussions with individuals in central of local government and an attempt to move as much cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 43
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson as possible of what they do out from local political very much more opportunistic and far more control. Is that a factor, do you think, in all this? entrepreneurial than just that. Mark Adams-Wright: If I may? What I tend to find is Where IT plays a role in that is quite key in actually that there was a view, certainly from my perspective, continuing to keep what we refer to as the ecosystem that previous public organisations in the local arena around public service in place, which means as the were perhaps less professional in the IT space than council divests itself of being a service leader and the private sector. Whilst public servants continued in becomes more strategic, it is likely to still need to those roles and there was not much cross-fertilisation keep control of legal entity on some of these things, between the private and public sector that continued possibly of the data and the facts that are owned and to be the case. I think over the last five years there managed by some of these particular trusts or plcs, has visibly been a number of senior players who have however that particular organisation comes up. We see come from private IT organisations into the public ICT as the pure backbone for that ecosystem, and sector, and that has changed that feeling, but I do not what we need to do is produce a system that can work necessarily think that all of the senior officers in the across Suffolk—Suffolk plc if you like—that actually public sector have necessarily understood how that links everybody together. We are very focused on works. I come from a private background into the Open Standards and on live technologies that are public sector, and therefore bring some of that quick to stand up and easy to use and adopt; the kind experience with me that you talk about there, because of things that actually create what we would call a I do not necessarily feel I need to go to the private virtual township across Suffolk, so that it is easy for sector to get the points of view that some may still anybody within that ecosystem to do business with feel they do at senior levels. one another. Martin Ferguson: I think that is a pointer towards the fact that the relationship between the private sector Q271 Greg Mulholland: Are you using the and local public service people is actually generally opportunity of this change of approach to rethink how very good and is different, I think, in some ways from you use IT in delivering some of those services— that which exists centrally. What I mean by that is the Mark Adams-Wright: Absolutely. skill base we are talking about now for Chief Information Officers, Heads of IT, Directors of IT in Q272 Greg Mulholland: —and that is regardless of local public services has changed and is changing. who is actually delivering it? Now we are talking about people who are leaders, are Mark Adams-Wright: We are. able to work with the leadership in local public services; they are accountable; they are concerned Q273 Greg Mulholland: Have you got some with governance arrangements; they are concerned examples you could give us? with strategic commissioning and output-based and Mark Adams-Wright: Yes. Absolutely. We are very outcome-based contracts; they are concerned with risk much a traditional local authority in terms of the way and opportunity; and they are concerned with our IT infrastructure is set up—very much with thick performance management and realising benefits and applications of things. We have our major tier one savings. I think this is a different skill set and it is one applications: our Oracles, our finances, all those types that SOCITM has been very much behind developing of things. But as we look forward we know that we in the local scene. As a professional association we are going to need to be a lot leaner in the way we do see that very much as our role, so we have things. We will still need functions but we will need accreditation systems, we have a skills framework, them in a different way. Rather than being a fairly which has been expanded to take on board that linear relationship between a single entity council and strategic level of skill and competency. There is no a single supplier, we won’t be; we will be many equivalent of SOCITM in central Government. potential users of one single supplier system, so we have to change and evolve. Q270 Greg Mulholland: Mr Adams-Wright, if I We will be looking to reduce our infrastructure could turn to Suffolk? dramatically between now and 2014/2015. We will Mark Adams-Wright: Yes. never get rid of it totally, because there will still be Greg Mulholland: I would like to ask a few some niche things that will be needed within that questions, because obviously Suffolk announced that Suffolk ecosystem, but dramatically. We are pushing they are going to be outsourcing the majority of forward to work to basing all of our services on a services and saving 30% on the budget. Can I ask you private and public cloud base. We are investing in our what role you see IT playing in that very substantial public-sector services network, which is currently decision? going in the floor and will be complete by January Mark Adams-Wright: The first thing I would say is next year, which will link up all of our schools and Suffolk is not really outsourcing its services. It is our corporate sites into one network. It has been somewhat of a misnomer. What we are doing is architected and designed to then be able to leverage moving towards being a strategic council with service over and beyond to support that ecosystem as it breaks delivery moved outside of the core council. That does up. Our website is being redesigned now in a not mean outsourcing in the traditional way, in very completely different manner using Open Source much a function-to-function view. It is very much a standards, very much transactionally driven to support redesign effort around how we do certain things that the shift agenda that we have put in place, but also are required in the public space that we are completely able to be leveraged by any number of responsible for. It is not an outsource as such; it is organisations that might wish to further down the line cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 44 Public Administration Committee: Evidence
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson in terms of the cost to stand up, the technology and one of the things that currently sits on that backbone, the ability to leverage off that single platform. which is a website called onesuffolk, which is jointly funded by the districts and boroughs in Suffolk. What Q274 Chair: How do you leverage off a county it does is it aggregates lots and lots of information council website? What does that mean? about Suffolk into one place, and it also links off the Mark Adams-Wright: We have chosen to use a back of that to other parts of the Suffolk structure. If technical standard, and we have created a platform you have a request you just go into that one place and from that standard. What we are doing in building our it then directs you to where you want to go, so you website creates what we call templated websiting; in get all your answers from one point of entry. other words somebody could take that template and at a very, very minimal cost build all of their information Q278 Chair: I am sorry; this is still a mystery to me. into that template and put it on the same backbone County councils do social services. If I am a social that we already have, which means the interoperability services user, how will I use your website differently between those sites is enhanced nth-fold from using from another county council? different technologies and different standards. Mark Adams-Wright: It is not so much that it will be different in that way. The fact is that the county Q275 Chair: What does that mean for the user? council in Suffolk will have divested itself of services; Mark Adams-Wright: It means that, effectively, when therefore, from a member of the public’s point of we get down to the nitty-gritty of what we need to do view, it can look more complicated as that goes out, in that ecosystem, which is share data— because it will not necessarily understand which particular parts of that ecosystem will be responsible Q276 Chair: Give an example of what that means? for delivering parts of those agendas. What this is So, how would a county council ratepayer or council- doing is facilitating that change to happen, to take the tax payer understand or see a benefit of that? What is complexity away from the citizen by using the IT as their experience going to be? the enabler to do so. Mark Adams-Wright: If we take one of the divested Martin Ferguson: Can I just come in and illustrate it, entities that might be looking at the personalisation forgive me, by using a personal example? When my agenda through health, and we set that up and they daughter was in her early teens she contracted ME use one of those websites and they set that up, as a and at that point, as the parents, we were dealing with citizen, when you have your personalised budget and 10 different public-service and third-sector you look how you are going to spend that and what organisations, all independently, all separately. All had services you will need from that, you will have a a separate record of my daughter. What we are talking front-door website, but all the websites where all the about here is the principle of being able to address information sits across the Suffolk system will be public services—which includes those delivered by across the same backbone. So, it will be able to source social enterprises, by the third sector and so on—with itself through those websites. the need and to be able to be channelled to the various The citizen will not get signposted and required to hit services that would be relevant, but at the same time multiple points in order to get its answer. The website for those services to be aware of each other, subject and the front door will do that all for them to link to consent, obviously, in terms of data protection, them up to where they need to be, because at the which is where standards and interoperability are moment, if you need to do something that crosses important. In that particular instance, with the across public barriers or public organisations, you education department of the county council we were need to go and hit them all separately to line up all dealing with the school, with the transport service and the information you need to make a decision as part the home tuition service, and every single one of them of needing a service in Suffolk. What this will do is had a separate record of my daughter and her current allow you to have a single entry point, and that single state of need. entry point will then allow that to all be joined back together to deliver you an answer. Q279 Chair: So, under this system there will not be a need for separate records? Q277 Greg Mulholland: Are there any specific Martin Ferguson: There would be separate records examples you could give with regards to specific but they would be capable of being joined in such a council services? Obviously, as the Chair has pointed way that the different service providers were aware of out, there is a danger with our Inquiry that we will what others were doing. become too concerned with talking about cloud computing and Agile development and all the rest of Q280 Kelvin Hopkins: This all sounds wonderful it. Of course, in the end what we are interested in is and obviously Mr Ferguson’s explanation is more how this will help deliver services and avoid some of down to earth and more understandable. Mr Adams- the costly failures of the past. So do you think you Wright is obviously a man who is on top of his job could give us a couple of examples of specific types and knows everything, but you speak in a jargon, a of services? language, that I do not really understand. I am Mark Adams-Wright: At the moment we are probably like most county councillors, who would obviously going through our divestment programme. hear you speak and say, “He is very clever; he knows It is a fairly major change agenda for the council, and what he is doing. Leave it to him.” But I am just most of the major pieces of work have not gone out thinking, like the Chairman: I have a middle-aged yet and divested. What I can use is the example of woman who has not got a computer, who is not cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 45
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson computer literate, but her father is developing as we try and become more lean in terms of cost— Alzheimer’s. She has to go to somebody at the council coming together with a security agenda that works and say, “‘Help.” What actually happens? She cannot more practicably. press keys on a computer because she has not got one. There will be lots of issues around data management. What happens? From a technological point of view we are building a Mark Adams-Wright: Obviously, understanding from data warehouse to bring all the data in from that my perspective as the ICT lead I would look at it from system so that everybody can use it, but there are lots a technical perspective, so it is far easier for me to and lots of complexities in doing that and we will talk about it in that light, but what the enabling have to face those challenges. Obviously, in doing all council will do—and this is the term; we call it of this, creating that ecosystem in itself and having “strategic” or “enabling” council—is it will start that people work in that interoperable way, from a process off. Now, there is an electronic route, and I political, practical and operational point of view, is have started to explain there how that might look, but going to be a big challenge. Central Government in clearly the same infrastructure will be repeated at a almost this post-bureaucratic age is going to face very very physical level by the council. They will not stop similar types of breakdown in terms of moving away being that point of contact for the individual but, from larger central costs into a more sculptured obviously, as the services are actually delivered landscape of costs, where different types of elsewhere, they can link that up, because there will be organisations are going to exist to deliver types of the knowledge base within the council to do that services and ICT is going to almost be that constant physically. that will need to keep everybody linked together, whether it be around information or whether it just be Q281 Kelvin Hopkins: But who will she go and see? around understanding who is doing what for whom. Does she go to the county hall, ring up somebody From a central Government point of view there are on the telephone—because she can probably use the going to be some difficulties in breaking down some telephone—and say, “Help.” of the older ideas of the larger organisational sets. We Mark Adams-Wright: Yes. have had to do that around our directorates, which is the map for us, and try and take that and dramatically Q282 Kelvin Hopkins: And there will be a person change the power bases, if you like, within the who will then bring help? council—being those verticals—into a far more Mark Adams-Wright: Yes. That will not change. That homogenous corporate centre. That is not without pain single point of entry will not change. It is really what and difficulty, and I think it is a journey that inevitably is happening in the background, I think, that changes, has to happen in order to move into that sort of space. rather than all of that complication, all of that linking together that currently sits within the boundaries of Q284 Kelvin Hopkins: I can lead on, if I may. I the county council, moving away into a number of understand, if I may say, that some residents of potential other entities. So, that person for the contact, Westminster cannot contact people now that things whether it be through phone, face-to-face—whatever have been outsourced and everything is electronic. the contact will be—will be responsible for linking They leave messages and nobody gets back to them, that ecosystem back together. The technology part is and the accountability seems to have gone. It is not one stream of that that supports it. Obviously, there the wonderful world that we hear: that things have is the face-to-face stream and there would also be a been outsourced and work better. They do not actually telephony stream that would be useable in that work better. Residents are saying, “We used to be able instance. to get in touch with a person in the town hall and something would happen.” Now they leave messages Q283 Greg Mulholland: A final question: I think it on answer phones and whatever: nothing happens. Is would be worth saying it would be useful, if not in the this the future: that we are all going to be talking to written evidence, to supply some specific examples of electronics and no human being, and they will not how it will improve the delivery of services for the come back to us when we leave messages? ordinary council-tax payer at a better efficiency/cost, Chair: Westminster was mentioned. I think perhaps because that is obviously what we are interested in. we will hear from Mr Wilde. Can I ask you: what lessons do you think central David Wilde: Yes, certainly. I think a lot of this is Government can learn from what you are doing in about perception at the time. I have spoken with many Suffolk? of those residents when I have been at resident Mark Adams-Wright: I am under no illusions of the committees and what have you, and there are residents difficulty and the scale of what we are trying to do. It who say, “I cannot get hold of the person I used to be breaks a number of pre-existing concepts about the able to get hold of,” but there are many other residents way that you deliver service through local that say, “Actually, somebody is answering the phone government. We face challenges that we will need to now,” so there is that balance between the two. address. Some of them are quite clear. Some of them More importantly, I think, it is not just about the are around IT security. The more widespread you phone: it is also about the internet and it is also about make your ecosystem the more complex it becomes reducing duplication of service. So, building on some to retain security and drive cost out by making it a of the stuff Mark was saying: why should somebody simpler system to use. I think there is a lot to be learnt tell us their name and address 10 times over to do 10 from central Government in terms of the IT security different services? We know it; we collect council tax agenda. That is certainly one that we talk about a lot from them. Why can’t we use that to make the process cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 46 Public Administration Committee: Evidence
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson for engaging with us actually easier? There are issues process of sharing IT services with other councils. around, obviously, information, confidentially and What challenges does this pose to you? stuff that you can manage through that. David Wilde: It is not just about sharing the services; In terms of the outsource/in-source sort of question, I it is about deciding what the mix of outsourced and do firmly believe that the extent to which an outsource in-house is going to be as part of that as well. The is successful or not is entirely down to the extent to two, to me, go hand in hand. The challenges: we have which you manage that relationship with the supplier, some very practical challenges out there, which is in the same way as the extent to which you manage protection of individuals and information, because, in-house staff. To me, the in-house/outsource question whilst you can share IT, ultimate political is consistently in both cases about what is your quality accountability, certainly for sensitive records and most of service? What are your expectations? What is the resident records, still remains within the political cost for delivering that service? What benefit are you structures that we have, so we need to be able to going to get? You make the decision based on that. reconcile who has access to what information. That is Interestingly, in Westminster we do have a reputation not a difficult thing if you come at it from the for outsourcing most things, but there are actually beginning clearly understanding who needs to access some services—notably planning and other services— what and how best to control it and set up the right that we deliberately keep in-house, because we take security models—not particularly complex. conscious decisions that they are better operating in In terms of practical sharing of IT like the techie that environment in that way and the market, frankly, stuff—desktops, networks, all that kind of stuff—that out there is not ready for an outsourced service. to me is very straightforward. It is about commercial I have a small service of my own within IT, which is arrangements and striking the right deals in terms of the education IT service that supports primary suppliers. We have just awarded a contract for schools, which is still an in-house service and I London, a next generation networks framework deliberately keep as an in-house service because the agreement, which is led by Westminster but has been outsource options out there are double the price and deliberately designed to allow any other London local for no better quality of service. So, as long as we stick authority, and, in fact, the GLA, to buy into that with that pragmatism and the good common sense contract if it is good value to them. That, to me, is decision of that good old-fashioned combination of good sense and a good approach to the market place value—what you are getting in terms of quality of and we have very good pricing on the back of it. service—I think we will be consistent around that. The fact that we are all going to be sitting on a What does technology do in that space? It can help network from one provider is actually no different improve customer experience, but again, it will be as from the provision we have had for the last 20 years. much down to being clear about what the experience It is just the badge changes; we have three or four needs to be. For instance, complex housing benefit network providers that service London. We buy from cases do not lend themselves very well to self-service them. We do not own our own as a general rule. online. Council tax does. In fact, council tax especially lends itself well to direct debit of all things, Q287 Chair: So it would be quite difficult to so it is not purely about particular technology types. translate this experience to, say, cross-departmental working in central Government? Q285 Chair: Can I just ask of Suffolk, by David Wilde: I do not think so. I think it is absolutely transferring so much to the private sector by no different. The challenge in central Government is outsourcing so much, aren’t you losing some core to think that way. At the end of the day, if you look skills that will enable all you to understand how those at a lot of central Government IT network purchases, services work and, indeed—we see this in IT—isn’t it if we stick with the same line, you will probably find the case that outsourcing to large companies to be the prime contractors does not necessarily insulate the the vast majority are buying from no more than two purchaser from risk? or three companies on two or three sets of physical Mark Adams-Wright: Part of what is retained within infrastructure, but buying it separately. the future council will be the commissioning element of what we do, which will mean there will still be the Q288 Chair: So there is a case for centralising this? strategic element remaining in the council that will David Wilde: It is whether you centralise or create help bring all of that together, because we have learnt contracts that allow you to capture the value of scaling by the very same token that Suffolk has an up and down. outsourcing for ICT and has had for a number of years. My role as the commissioner now of that Q289 Chair: The centre needs to regulate the style service is to ensure that that continues to deliver what of contract in order to enable this to happen? the right strategy is for the council, which I define, David Wilde: Exactly. That to me is more comfortable but make sure it still offers value for money and all than centralising a network. We have had one of those of those other things, and it is delivering the services since 1997; it was called GSI and I think we saw— that remain pertinent and relevant, and that will not and there is plenty of evidence out there—as time be lost to the council because I think as a model we went on it became less value for money. I think understand how valuable that is. centralising the commercial arrangements and keeping them regularly rotated—so regularly refreshed— Q286 Chair: So, Mr Wilde, on the question of shared means you can keep on top of pricing without services and cloud computing, you are currently in the compromising service. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 47
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson
Q290 Chair: Now, your objective to be 100% Q295 Kelvin Hopkins: We have touched on the lack migrated to the cloud by 2015 and to have divested of in-house skill, particularly at central Government yourself of all infrastructure, does that mean people’s level and the ability to manage these big companies. council tax records are on Google Docs? What does Are they effectively prisoners of the big companies in it actually mean? that they have not got the skills to make the David Wilde: No, it means they will be in third-party judgments, but when things go wrong the services, certainly. It will not necessarily be Google companies—there are so few of them—come back and the public cloud. They will be in secure and say, “We know we have made a mistake, but give environments, but they will be secure environments us another contract and we will put it right.” They just that other authorities might be using as well. In fact, make more money out of central Government; that is if you take our council tax records today, they are what has happened in the past. actually sitting in Capita’s infrastructure in the South David Wilde: It is certainly an ongoing challenge, I East. They are not in London and they have not been think, across the public sector—both local and central for probably five years. So, we have already done Government have suffered from this—as well as the much of that. private sector, but less visibly. Some of the hardest One of the great misnomers about the cloud is the leap lessons that organisations learn is the point at which from “cloud: therefore it is Google”, whereas to me you retain key skills in-house so that you can cloud is about making good use of much better appropriately manage those outsourced services. Now, commercial infrastructure than the stuff I am looking I have worked in a number of organisations where I after in City Hall down the road, which is on some of have gone in and restructured around putting those the most expensive real estate in the country. Why key skills in place, and I am not saying they are right, would I do that? but my view on it—and they seem to work so far—is strategic leadership must stay in-house otherwise you Q291 Chair: Is there anything that you won’t be will be sold the product that your supplier wants you putting into the cloud for security reasons? to buy. David Wilde: No. Technical design authority, understanding where all your IT is, is absolutely something that needs to be Q292 Chair: Nothing? in-house, but you do not need to retain the architects David Wilde: No, nothing, not in Westminster. No. We that build the components. Security and configuration are more than satisfied with the extent of the security management is something that must stay in-house arrangements provided by commercial providers. Our because no matter how much you outsource you discussion, our debate and our decisions are based cannot outsource responsibility for managing that around whether it is UK based or whether it is EEA data. You cannot outsource the responsibility of data based—European Economic Area—or what we would controller. The other area that too often, I think, is allow beyond that, and they are very much missed on outsource arrangements is strong, information, governance decisions around compliance commercial management or service delivery with Freedom of Information Act, Data Protection Act management, which is quite often the one I see and the like. missing when I go into outsourced organisations, where they have done those key technical components Q293 Chair: So do you think the Government’s but they do not have the commercial nous to keep concept of a “G-cloud”, their own nationalised cloud, pace with what is going on with the marketplace. is mistaken for most Government data? David Wilde: Why have a nationalised one when there Q296 Kelvin Hopkins: Another potential problem, are plenty of privatised ones there already? as I would see it, both in local government and national Government, is that you get the loss-leader Q294 Chair: The Government does need to create its situation, where an IT company comes and offers you own cloud to benefit from cloud content. a wonderful package. I am not an IT specialist; I speak David Wilde: Again, I do not think so. If we look at to three gentlemen like you who can bemuse me with where much of central Government is today, much your language, and I say, “Fine, go ahead.” Then next of the infrastructure is already outsourced, and it is year you come back and say, “Actually, it costs a bit outsourced with third parties. In effect a lot of the more than we said.” You suddenly find a 50% cost Government is already part way there in terms of increase on the second year and another increase on commercial, almost cloud-based services. The the third year, and I am your prisoner. I can do nothing challenge, I guess, is the extent to which you about it. The private sector, big manufacturing collaborate across those at an interdepartmental level, companies, surely do not operate like that? and also I think the other challenge, the central local David Wilde: There are a number of private-sector government challenge, is: when do we start sharing companies that have fallen into the same trap. I think across that boundary? The most obvious examples in they probably learn the lessons a bit more quickly there are benefits. We have two large Government because the shareholders are a lot less patient and they departments responsible for means-tested benefits and want it sorted. In central and local government, we have 400-plus local authorities responsible for one absolutely: to me that is good procurement practice; sliver of means-tested benefit, which is housing that is understanding what you are buying, and benefit, and between them there are 400 housing whenever I go out to procure goods and services I benefit systems, plus these big central Government look at total lifecycle, and there are simple things that ones. you must do in that, which is nail down what the price cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 48 Public Administration Committee: Evidence
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson is over time; be absolutely clear about things like and have performed poorly, but if you lose sight of indexation, inflation and what have you, and get that what the service is there to do, how you measure that out at the beginning. and how much it costs to deliver it, yes, costs will go The other thing to do—and increasingly we are seeing up. Again, I do not make the distinction between in- it happen in the public sector and it is healthy—is house and outsourced as a principle point. I think it is shorten the contract terms. 10-year deals: who on about consistency of how you measure that service earth knows what IT is going to look like in 10 years’ across both, and then the rest is really about value for time? With the service providers out there now—and money. It is as simple as that. this is where the cloud has actually been quite helpful—the commoditisation of IT over the last two Q299 Greg Mulholland: If I can just fire one of your to three years has made three- to five-year contracts quotes back to you—not yours but Westminster much more realistic propositions, and it is those Council’s—which is one that I think stood out from shorter contracts, frankly, that can reduce that risk of the written evidence, Mr Wilde. In the written that lock-in. evidence Westminster Council said that there was not We do have an issue in the UK—and it is common, I normally, and I quote, “a strong enough link to the think, elsewhere in the world—that public sector desired business outcome through the operational or services, because of the way quite often they have policy lead responsible. Too often IT is viewed as a been constructed over time, by their nature may have dark art or worse still something that will just deliver locked in a small number of suppliers around without needing to engage with the deliverers,” so particular sectors. One of my particular bugbears, rather poetic as well as an important point that we which I have spoken publicly about before, is in fact have explored in our other evidence sessions. How at housing benefit, where there are only two or three Westminster have you tried to ensure that there is that suppliers in the UK that dominate the market. So there strong link between IT and the actual policy—the are 400 buyers but only two or three sellers. That is business outcome that you are desiring? not a healthy environment to operate in. How do we David Wilde: We cover it in three main ways. The break that? Probably through some radical change on first one is the strategy that I wrote when I first got how we operate the service, but that is a difficult thing there. Now, that was an IT strategy that sets out the to do. infrastructure-free stuff that you have covered, but also importantly covered how we are going to engage Q297 Kelvin Hopkins: I cannot imagine General with the public; how we are going to engage with Motors—there is a big plant in Luton, where I am business, the lines of business out there. What was Member of Parliament—allowing themselves to get important was not writing the strategy or even getting into this situation when every second of the track it approved by the Cabinet Member. What was moving is so crucial. They could not possibly allow important was getting it approved by other directors that to happen; they must have had their own in- in the organisation and Cabinet itself so that they can house expertise. understand. I was challenged very hard by the scrutiny David Wilde: I think if I remember rightly General committees when I wrote it to make sure that it was Motors did get exactly in that hole a number of years reasonably plain English, your point earlier, because ago with EDS, and it cost them a lot of money to get what they did not want was tech speak. They out of it. Sainsbury’s is another example. There are a recognised the infrastructure-free principle but what number of private-sector examples. Maybe the other they did not want was detail on how it was lesson is maybe we should pay attention to what they constructed. So that was point one; that set the did and perhaps bring some of that into play in the standard; that is where we were going to go. public sector. It also set within it how we were going to engage with the rest of the organisation. Now, when I first arrived Q298 Kelvin Hopkins: I must say my prejudice is I inherited something called an IT board, which I was against contracting out—my position on the left might the chair of. I scrapped it; it was pointless. We suggest that—and indeed where services have been replaced it with four boards around four lines of contracted out they have often gone wrong. Private business: an adults’ IT board chaired by the adults’ care homes are now in a terrible situation, begging director; a children’s IT board chaired by the Government for money to keep them going when we children’s director; a built environment IT board had perfectly good in-house direct care homes, which chaired by the director that covered the built I know, because I have visited them in my environment and also worked with planning; and I constituency, all closed down. So there were direct chaired the last one, which was corporate systems, so labour organisations, which used to be superb—some HR, finances and desktops and what have you. Now of them, not all of them, used to be absolutely what was important there: I sat on all of them, which superb—that the private sector could not touch in was horrendous for the diary, but I had the business terms of efficiency, management control and leaders chairing those boards and making the whatever, and they were just brilliant. I saw them live decisions on how IT is going to change what they do. 20 years ago. All contracted out now. Is it not the case IT became an integral part of their change that costs could go up rather than down if they are programmes, which were about restructuring how contracted out? their services were going to be delivered. I was there David Wilde: Again, it is back to my earlier point, I to challenge; I was there to bring into play what IT think. I have seen examples, like you, of in-house could do, so a little bit of sales activity, but, critically, services that performed well, have been outsourced it was not me deciding what we were going to spend cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 49
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson money on in IT systems; it was them. That, as a result, the harshest lessons that the national project for IT— has enabled us to take significant cost out and the health one, learnt. So, I think that link—what you significantly improve services across all four areas. So want is directors general in Whitehall signing off on that is two. these things. What you want is CIOs advising them as The third part really is about demonstrating the basic to the right course of action and challenging what they IT works and demonstrating—the point on in-house are doing, but critically, those guys need to be signing and outsourced earlier—in really simple terms that the off knowing the full impact of what is going to be IT will do what it says it will do—the really basic done in terms of the bottom line. Again, Westminster stuff. The IT that I inherited when I got there had is very focused on the bottom line. very poor ratings with staff, and we had problems with public access equipment in the libraries. We spent the Q301 Chair: Mr Ferguson, you mentioned earlier first six to nine months sorting out a supplier that was that IT costs in local government, unit costs, are much failing to deliver, which was a fairly painful process, lower than central Government. Why is that and what and sorting out public access IT equipment in do you think central Government is doing wrong? libraries, because actually that had a massive impact Martin Ferguson: I think it is because at the level at on an awful lot of residents and duff kit for the public which we procure, which typically is through local is just not on: so, fixing those basic things. As a result purchasing organisations and the like, so it is local we have raised the satisfaction levels and the authorities cooperating together around particular confidence in IT to deliver in the organisation to a contracts and procurements, we are able to be much point where we could have proper conversations more flexible. For example, using reverse auctions is around the more transformational stuff. They are one particular way of procuring desktop PCs that has really the three things that we brought into play. been used in a number of situations, but a whole range Chair: A very useful answer. Thank you. of different procurement methods have been used. I Martin Ferguson: Could I just say in local think it comes back, as I say, to closer and more government that is not uncommon. Indeed we have constructive relationships with the supplier taken a step of, in local government, developing our community, a better understanding of suppliers and own methodology. Birmingham City Council has what we are trying to achieve. It is that expectation facilitated that; it is called CHAMPS2. We have that it is not about the technology; it is actually about recognised that the MSP, Managing Successful what the technology can do for the public services, Programmes, and PRINCE2 methodologies, which are and that ability to then drive costs down through a about programmes and projects IT, are not actually competitive procurement process that is genuinely appropriate for dealing with business change. So what competitive at that level. David is saying: we are starting here with policy, priorities, business change, and the CHAMPS2 Q302 Chair: And could you actually produce figures methodology provides that opportunity to involve that prove your case? staff, get the governance arrangements right in terms Martin Ferguson: We do have figures; I can make of the key people who are responsible for services those available to Committee members. making those decisions and realising the benefits and savings out of the programme of change. That is what Q303 Chair: If you could submit a memorandum to that methodology does and it is freely available—it is us— in the public domain—to any public organisation to Martin Ferguson: Certainly. use and, indeed, it is being used around the world, including Brisbane City Council, for example. Q304 Chair: —with those figures, I think that would be of great interest to us. Mr Wilde, the corollary of Q300 Greg Mulholland: The final million dollar you getting the service heads to chair their IT boards question or actually billion dollar question is: means that the Permanent Secretary of the Treasury considering the very poor record that central should chair the IT board for HMRC—or at least the Government has in terms of delivering IT projects and Chief Executive of HMRC should chair the IT not having that clearly linked to defined business/ board—or the Chief Executive or the Permanent policy outcomes, what can central Government learn Secretary at DWP should chair the IT board at DWP. from what you are doing to take forward to try to Is this your experience of what we do? improve that? David Wilde: It was not the Chief Executive that David Wilde: My challenge when I arrived at chaired any of those boards; it was the next step down Westminster was interesting and very direct and to the and I think that is what is really important, because at point. My question I asked at the end of my member the Chief Executive level, you are putting a layer up, panel was: “What do you want me to do?” To which then it is only going to come down. If you are the answer came back straight away: “Sort out the deliberately targeting at DG level, a more appropriate supplier, reduce the cost and make it work.” That is a example, if we take HMRC as an example, would be pretty clear mandate. So, in simple terms you properly the DG responsible for VAT chairing a board that has align IT to the business—properly align it—and get IT, and what IT is going to do on how you collect the business owners to sign off on what the project VAT. In DWP the person responsible for invalidity does with their eyes open. What does this really benefits or disability benefits, the DG responsible for mean? What I mean is, do not look to IT to make unemployment benefits. It is that kind or relationship, Government work better. It won’t. It can enable it but because you are closer to what the business is about it will not do it on its own. That is probably one of then and the CIO can engage in a way that can cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 50 Public Administration Committee: Evidence
22 March 2011 Mark Adams-Wright, David Wilde and Martin Ferguson facilitate change. A big challenge of course, with both declare an informal interest. The chairman of Fujitsu organisations, which we do not have, is they have Europe is a very close personal friend of mine, but large delivery agencies as well. So, as well as having that is just on the record. Can I ask a final question to a Whitehall core, you have, in the case of DWP, each of you: what are the particular recommendations Jobcentre Plus; in the case of HMRC, the delivery you are looking for our report to make? If you have arms around revenue collection and the old Customs got one each, that would be jolly useful. and Excise setup. But I do not think that is Mark Adams-Wright: For me my recommendation, insurmountable; it is just finding the right people who what I would like to see is more Open Standards and are accountable for that change and putting them in a better link with sensible policies for local charge. government to link into central Government with. That is a very practical, on-the-ground view for me. Q305 Chair: So the rule should be: if your David Wilde: I would like to see an IT strategy that department is ordering the system, you should be is based around the services we deliver to the public, chairing the working party that is procuring the not around central and local government. system. Martin Ferguson: I would like to see that stronger David Wilde: Yes. link between the local and central built around—as David says, exactly that point—delivering to citizens Q306 Chair: It is not something that line what really matters to them. For example, in the management can get rid of to a systems department? Universal Credit arena we do challenge the approach David Wilde: Absolutely not. Absolutely not. that is being taken at the moment that does not take into account that wealth of expertise and knowledge Q307 Chair: Is that what tends to go wrong? that is available at the local level about how to deliver David Wilde: I think it is a major issue, absolutely benefits effectively. We need to bring those things right. Where is the buy-in to change if somebody else together to ensure a successful implementation of a is doing it? project like that. Chair: Gentlemen, thank you very much indeed. It Q308 Chair: Right, buy-in for change, because has been a most useful session and no doubt we will actually incorporating systems is about corporate think very deeply on your preferred recommendations change. as well. Thank you very much. David Wilde: It is. Absolutely right.
Q309 Chair: Very good. Finally, I should have just mentioned at the beginning of the session I prefer to
Examination of Witnesses
Witnesses: Joe Harley, Director General and Chief Information Officer, DWP, Malcolm Whitehouse, Group Applications Director, DWP, Phil Pavitt, Director General and Chief Information Officer, HMRC and Mark Holden, Director Projects and Programmes, HMRC, gave evidence.
Q310 Chair: Thank you very much indeed, from the past, and I believe in the Department we gentlemen, for joining us to give evidence to our really are learning those lessons now. We have a very Inquiry on the use of IT in Government. Can I just comprehensive lessons-learnt database, which we place on record an informal declaration of interest that share with the project and professional community. the Chairman of Fujitsu Europe is a close personal We share that database and those lessons of what has friend? Could each of you introduce yourselves for worked and what has not with new projects when they the record? emerge. We have strengthened our governance—I Malcolm Whitehouse: I am Malcolm Whitehouse, think that is a key element—through our investment Group Applications Director for DWP. committee and our change committees, and we assess Joe Harley: My name is Joe Harley; I am Chief all our key projects against the NAO’s common Information Officer for DWP and for the Government. causes of failure, and we constantly keep abreast of Phil Pavitt: I am Phil Pavitt; I am the Director that. The commercial, off-the-shelf packages we use General for Change and the CIO for HMRC. now as a matter of routine, and we break down the Mark Holden: Mark Holden; I am the Director for projects into manageable components. Projects and Programmes for HMRC. I think we are really learning the lessons, Chair, and whilst there have been mistakes in the past, I think we Q311 Chair: You are in the firing line: you get a lot are starting to get a track record now of delivery. I of flak, don’t you? Can I start by asking why you think think DWP is recognised as a department that does Government has such a bad record on procuring IT? deliver, and in recent times, with the Employment and Joe Harley: I think it is patchy, Chair. We recognise Support Allowance and more recently the State that there have been problems in the past; some things Pensions Reform, we are starting to see an emerging we could have done better with, for sure. What I do track record of delivery. There is much to do, to be believe we can do, though, is really learn the lessons honest, and capability improvement is key in all of cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 51
22 March 2011 Joe Harley, Malcolm Whitehouse, Phil Pavitt and Mark Holden that. I think we are learning on how to improve We are also in Universal Credit—and Malcolm may capability. wish to comment on this—using a different methodology called the Agile methodology for Q312 Chair: But this has been going on for 15 years, projects and programmes, and this was a with the pain of failed IT projects. What is changing recommendation from the recent Institute for now that has not changed before? Perhaps I can ask Government report that recommended Agile as a one of the other witnesses. Mr Pavitt? development methodology. We are using that, we are Phil Pavitt: Thank you, Chair. Like Joe has said, there trying to be innovative and creative, reusing what we are a number of things that are going on. Government already have, and we have a new way of doing things, is in transition. I think there have been failures both delivering things quicker, and de-risking it. in the private and the public sector; we are not immune from that. I think the challenge is to learn Q315 Greg Mulholland: I think it is fair to say that from those things in how quickly you make that there is something of a collective feeling of anxiety transition and that learning. We had a joint programme over the scale of the two big projects that are coming recently with a pensions reform programme, which we forward, because of the experiences that there have delivered to many vulnerable people in the UK, a very been with regard to Government IT. When it comes successful programme. That obviously does not get to the Universal Credit and the real-time information, quite as good press as some of the ones that have how confident are both of you from both departments failed in the past. You can come to HMRC and look that these very large projects will be successful, and at self-assessment online, which is again one of the what are you doing differently from some of the biggest used online processes: 7 million people used projects in the past that have not worked? it this year, 31 January. It is one of the busiest Joe Harley: Thank you. Could I just say that, from a websites and transactional processes in the world, and Universal Credit point of view, the project is off to a a tremendous success story used by many people. great start. We have the team in place; we have the The learning of governance, the learning of lessons in executive sponsorship there. We have strong how we procure, the learning of how we break governance now set up; we have steering groups for projects into smaller component parts is critical, and the IT component, the policy component and the that has been going on for the last two or three years, overall delivery. We have shared governance and some of the success rates you will see in the last arrangements with HMRC, and we have a ministerial 18 months are a result of us taking on those learnings. oversight committee. We have recently completed with the Major Projects Q313 Chair: But you both have a long track record Authority, the new Cabinet Office body, a starting in this field. Over that period, each disaster that gate, and they have given us a good rating on that. occurs, is that a different lesson that is being learnt, They felt that the start we have had in Universal or is it the same lesson that has not been learnt? Credit is impressive. So, a good start. What we are doing differently is the Agile approach, the reuse of Phil Pavitt: Let me start by answering that I think components that I have talked about and the early there are two things: you learn lessons both from engagement of the supplier community in helping us success and from failure. We are referring here, of move forward. course, to learning just from failure, but those Malcolm Whitehouse: I would like to just go back to programmes that are successful provide just as much the example that Joe referred to, the Employment and learning as those that do not work out so well. Support Allowance, where we learnt quite a lot in Certainly, when you talk about how well you procure, terms of both how we set out the technology to be how well you manage programmes, how good your used at an early point in time so the engagement of governance is, they are critical to get right. The big our suppliers in the programme is very clear, but also learning for us around the Pensions Reform so the technology components that would be used to Programme actually—in the previous session there make that work incorporate about 60% to 70% reuse was a lot of conversation around talking to customers, from other activity. That gave us the start point that users, the business designing it—that was very much a allowed us to be confident in both the timescale and business-led, business-designed programme. We have the estimates that we had, so that meeting the October learnt that from subsequent programmes that have also deadline in 2008 was something that we had high been successful. I think there are ways of learning confidence in. We have built on that to look at the from both success and failure over that period of time. component set that we need for Universal Credit to effectively identify those areas where we can reuse Q314 Chair: Can you give us examples of solutions things that are in place in the Department and things that address previous failures that have now proved that are in place elsewhere, and hence the relationship they can work? with HMRC for real-time information. Joe Harley: We may come on to Universal Credit, Fundamentally, one of the major challenges in Chair, but one of the things that we are trying to do delivering large programmes in Government using IT in Universal Credit that is different is to reuse as much is around the engagement with policy and with the of the IT assets that exist, rather than developing customer base, which is why we have introduced the everything from scratch. So together with the use of use of Agile as part of the delivery programme as we commercially available packages and the reuse of go forwards. This allows us to make sure that, during existing assets we are finding that reduces the risk to the short iterative developments that we are working delivery. Those are the main things that are different. through with the known technologies, we can engage cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 52 Public Administration Committee: Evidence
22 March 2011 Joe Harley, Malcolm Whitehouse, Phil Pavitt and Mark Holden with our customers in early testing of the customer systems will be fully interoperable, but can I also journeys, which are part of the development specifically ask on the DWP side, if RTI takes longer proposition. That gives us the ability to really prove to develop than is hoped, are there are contingency out at a very early stage that what we are using will plans for the Universal Credit to make sure that is work, but more than that: what we are using, what we still deliverable? are putting in place, will actually work with the Joe Harley: I think one of the things that we have put customer base that we are addressing. in place that will help the overall delivery is that we are doing, next month, an end-to-end review of the Q316 Greg Mulholland: And what about the entire technology solution, from HMRC through to real-time information? DWP. This will be an end-to-end technical review, we Phil Pavitt: Let me start, and perhaps Mark will want will do it fairly frequently going forward and we will to join in in a moment. There are three or four biggest have an independent assessment of that. This will lessons we have had from both our successes and again add to the assurance around the solutions that areas that perhaps have not worked as well over the are being provided. In terms of a contingency, maybe last few years. I guess the first is around governance, Malcolm will talk about that, but any programme, of so this is very much a business-led project: business course, needs to develop contingency plans, and we are sponsoring it, running it, developing it, and as Joe are in the course of doing that. refers to, we have actually learnt from that to extend Malcolm Whitehouse: Coming back to the specific our governance between our two organisations. We question, which is the interoperability and the are already heavily involved; as day-to-day work connection between the two, we started working between us, there are over 3 billion transactions that jointly in the summer of last year to look at the go between us per annum anyway as two authorities. requirement. The fundamental requirement is around The governance structure that goes around that is the data from real-time information, which allows us critical. to understand gross and net pay, and the deductions The second part we have learnt is around business that are made as a consequence will go into the planning. Business readiness has probably been one calculation of the Universal Credit taper, as it is of the biggest areas of criticality that we have got known, but fundamentally what people will get as a wrong in the past, where often IT has arrived and the consequence of their entitlement. We agreed the business has not always quite been ready for it, and requirements set for the data at the end of last year, so in parallel to doing the technology we are actually which has gone into the development process, and working really hard on this and other similar also have started work on the non-functional programmes to make sure that the businesses are requirements in terms of scalability and performance redesigned so that they are ready to take on all the and service-level arrangements that need to be in new technology, and the new processes that go with place. that are also done just as critically. We have developed the file transfer protocols between The third area of course is reusing what we have. We the two agencies to be very clear on how we will have an enormous legacy system. Just to put into handle and encrypt the data transfer between the perspective the sheer size of what we are looking after organisations, and then as part of that planning going in HMRC, we are looking after the income of forwards we have a number of key integration points £435 billion of tax. We have enormous systems that at which we will test out the solution, which gives us are running that, and reinventing all that would be the opportunity to prove at an early stage that foolish, so we are actually using many of the assets interoperability is not a challenge. There will be a we have today to help design this answer. Mark was later point at which we will then test the actual data the leader on that programme, I don’t know whether that comes through as a consequence of employer you want to just add to that, but those are some of the payroll take-up as it feeds the information into the biggest lessons that we are learning to ensure it real-time information depository, and that will give us actually works coming forward. the opportunity to prove out at that stage that these Mark Holden: Indeed. If I can just add one other will work in practice and at scale. As I say, we have dimension to that, which is we are very much minded a number of key integration points planned over the that we need to design our services going forward course of the next two years. around our customer needs as well as the departmental and wider Government needs. So to that end we have Q318 Greg Mulholland: In terms of the suppliers a number of stakeholder forums that we have already who are delivering these big projects, did existing engaged in getting feedback on the proposals. We Government contracts mean that they went to existing have obviously just gone through the consultation suppliers automatically, whether or not they were around the real-time information, and we even had actually the best-placed suppliers to deliver this, or representations from a number of bodies on the main were you able to consider alternative suppliers who programme board, so we really are putting the might be better suited to this type of project? customer at the heart of our design and our Joe Harley: The DWP will be a bit of both. We are development process. using some existing frameworks at the moment for a range of suppliers to help us at this point. Q317 Greg Mulholland: Thank you for that. Clearly the success of the Universal Credit is partially Q319 Chair: Sorry, when you say “existing dependent on real-time information being operational, frameworks”, that means you have to go through a so can I ask how you are ensuring that the two lead supplier to access other suppliers. Is that correct? cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 53
22 March 2011 Joe Harley, Malcolm Whitehouse, Phil Pavitt and Mark Holden
Joe Harley: Not necessarily; a framework can be Aspire contract: what we gain from that is a number access to a range of suppliers that have previously of things. First of all obviously we gain Aspire; pre-qualified for a particular piece of business, so we Capgemini are the prime operator of the space I am can do both. But what we are running at the moment just about to describe. They provide us a level of is an open competition, where we have been out to reassurance that we can either provide on our side or the market, we hope to award that business in the we can ask them to provide for us, and that is what summer, and that will provide an opportunity for a they are doing for us: that lessens the bureaucracy and new contribution from the supply community, so it is gives us higher flexibility in terms of how we go to through an open competition basically. market. It also allows us, of course, to have access to Malcolm Whitehouse: What we have been working quite a few suppliers in the market. through is a capability-based framework to ensure that the supply community have the skills, the capability Q323 Chair: Allows you to have access to quite a and capacity to do the work that we need in Universal few suppliers? You are the Government. Surely you Credits and elsewhere. One of the fundamental pieces can have access to any supplier you want? of learning that we have found—and this was through Phil Pavitt: We can do, but sometimes we have to both the Employment and Support Allowance and make sure they are first pertinent, particularly of what more recent projects and programmes—is that while we need to manage and deliver. We have over 240 reuse of technical capability helps in terms of setting suppliers coming through that: managing those out the underlying infrastructure that you use to individually would be quite a heavy bandwidth for a deliver the IT to enable our business programmes, the Government department to manage, so we are using other important element is to have reuse of the skills Aspire to do that for us. and the people that have been involved in that, and so using the framework gives us the opportunity to Q324 Chair: But the problem is that when VocaLink engage suppliers that already have that knowledge and want to talk to you, they cannot: they have to go can bring it to bear. The reuse is both the components through Aspire. If you want to talk to VocaLink, you that we have but also critical knowledge that means cannot: you have to go through Aspire. that you can build on that very rapidly. Phil Pavitt: Without wishing to contradict you, unfortunately, we do meet VocaLink and many other Q320 Greg Mulholland: Are you confident that suppliers directly, face to face. They are involved in existing frameworks have meant that the procurement the programme boards to run things. Commercially, process has been flexible enough to engage the right when we say “go through” it does not mean there is a suppliers? wall between us and them. VocaLink spend more time Joe Harley: I think on the Universal Credit space, in our offices probably meeting us and our customers the open competition that we are running now gives face to face than even the Aspire suppliers, so that is flexibility, so yes. actually not completely true, unfortunately. Chair: Not completely true? Q321 Greg Mulholland: What about real-time Phil Pavitt: It is not true in that there are some information? suppliers that have no wish to meet us: they just Phil Pavitt: In terms of real-time, we are primarily provide services. But there are many suppliers who reusing most of our legacy systems for the core have innovations and ideas they want to share with revision of the service, so that has been procured us, and they can directly do that to us. through our framework agreement we have with Aspire, which is the conglomerate of organisations Q325 Chair: But they cannot initiate a relationship that serve us on the IT space. They are the experts, with you: they have to go through Aspire? certainly on the legacy engines that run PAYE and the Phil Pavitt: Unfortunately they can initiate a sheer size and scale of what we are doing. For one relationship. We have a number of ways of placing unique part of this we have also brought in through people into the Aspire ecosystem, which is a supply the Aspire contract the use of VocaLink, which again chain management process. Aspire themselves can do are the world leading experts in banking transactions that because they see some of our emerging needs at volume. So for us in terms of getting the best of over the next few years, and we ourselves can do that. breed in what we need to deliver, but also primarily I myself have placed somebody into the ecosystem using the systems we already have, because most of just a few months ago; we are not only using their ours is around reuse, for the majority of this space we services now, but we think that in the next four or five are using Aspire and VocaLink, although VocaLink years that organisation will be important to us, so they does come through the Aspire contract for the first are now in the ecosystem, directly through myself. time as part of this deal. Mark Holden: I also think it is worth adding that certainly with VocaLink, which is a good example, Q322 Chair: That has been highlighted to us as although it is, as you say, procured through that rather a problem for your department: that in order to framework, I have a number of one-to-one meetings benefit from a subcontractor like VocaLink they have with a number of senior executives through the to come through the Aspire contract. That cannot be VocaLink organisation. They are able to bring ideas, an efficient way of purchasing VocaLink services. solutions to the table, so it is not filtered through Phil Pavitt: Mark can answer the detail, because Mark Aspire. The important thing for us, for a project of has managed the commercial process through this. But this size and the level of integration between the UK’s just to set out any supplier that comes through the banking system and our national PAYE system, it cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 54 Public Administration Committee: Evidence
22 March 2011 Joe Harley, Malcolm Whitehouse, Phil Pavitt and Mark Holden would be unwise for us to move away from the people Joe Harley: The Agile methodology is most useful that know those integrated internal systems and allow when one is engaging with citizens or customers a completely new person to try and integrate those on directly, where you need to have a customer-centric a national infrastructure project at this level. approach to the delivery of the product. So it involves the development, building, testing in a rapid way, so Q326 Chair: If VocaLink wanted to offer you a that you deliver solutions that much earlier. That is service and a price, you could talk to them about the what we will be doing for Universal Credit and that service and the price? is what we started last year with another project in the Phil Pavitt: Absolutely. department called the automated service delivery Chair: And there are no constraints on that project. conversation? Phil Pavitt: Not at all, no. Q331 Chair: So what proportion of your spend on new systems now, or system development, is on Q327 Chair: That is not what we have heard from Agile development? elsewhere. Why do you think that is? Joe Harley: Malcolm, you might be able to help me Mark Holden: I think there is certainly some history. with this. This is a project that has been thought about for many Malcolm Whitehouse: We started the automated years, and I know that VocaLink have been very keen service delivery programme last year, and looked at to get widespread coverage of the ideas and concepts. the best way to deliver the outcomes. Now, this is I think it is only when you get into the detail of how focused on straight-through processing for Jobseeker’s you integrate the national BACS transaction system Allowance and the very difficult areas involved in with our PAYE that some of those intricacies come change of circumstances for the first two releases, out that we have to understand where it would be very which is how fundamentally we need to understand difficult and very expensive to build a completely new what has happened to a citizen in their circumstances, standalone set of infrastructure for the project. So I their dependence or their earnings levels to be able to think it is only as we have got into the more detailed digitise, for want of a better word, but to get more of discussions that it has become clear that actually we the capability online, so we are delivering a do need both sides of the equation. self-service proposition for this part of delivering Jobseeker’s Allowance. Q328 Chair: But as we move forward to Agile To make that work what we wanted to be able to do development—and that was mentioned before, and it was to engage with our customers to understand has been endorsed by the IFG report, as Mr Harley where their challenges were in two areas. One is mentioned—surely this kind of direct conversation working with the Department: what do they need to with a larger and larger number of suppliers is the do in transitioning between states, but also in terms of future, because you are going to be breaking up and the usability of the interfaces that we put in place— modularising the development of your systems? the user interface to make that work. That has given Phil Pavitt: Indeed, and from our side, whatever us a lot of learning in terms of the approach. So far methodology you use to deliver projects—Agile or we have seen an improvement in both speed to any other—it is making sure you are gaining from delivery and the underlying cost of delivery, and that your suppliers innovation, ideas, challenges, better has given us the confidence in being able to use this prices, or even having those suppliers combining on a broader base. themselves to come and see you. One thing that We expect that in Universal Credits the Agile activity Aspire certainly does give us is that we do not have will be about 60% of the development. The remainder to go and combine two or three different supplier will be on some of the core infrastructure delivery that components to make up a whole. In fact, they are we need to support it, which will take a more already doing that for us, and are presenting us a very traditional route to development and delivery than end-to-end picture of some of our solutions going using Agile. But we have already seen the ability to forward. deliver outcomes, which means that we can see the We use a number of methods. We have innovation way that the rules base, both in the automated service process four times a year, where the businesses and delivery project and the early work on Universal HMRC meet the suppliers in the ecosystem under Credit, is showing us how the policy and legislation Aspire and discuss needs from both sides. But also translates into business rules that deliver outcomes for individual organisations are forever bringing ideas; the customer. some of them have merit, some of them do not, but they are directly into the IT department and into the Q332 Chair: But what proportion of your spend is businesses themselves. Those conversations are going now spent on Agile development, as opposed to the on all the time. old, dare I say, failed method? Malcolm Whitehouse: Can I answer that? It is 60% Q329 Chair: So Mr Harley, have you worked in this on both ASD and Universal Credits. What we did not way before—in Agile? want to do was to take a blanket approach and say, Joe Harley: We started a project last year. “Right, from now on every project and programme will be Agile,” because that requires quite a lot of Q330 Chair: Can you describe exactly what is training, so for every person that goes into our Agile different about that project compared with what you workshops we put them—irrespective of where they have done before? have come from—through a three-day learning cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Public Administration Committee: Evidence Ev 55
22 March 2011 Joe Harley, Malcolm Whitehouse, Phil Pavitt and Mark Holden activity to make sure they really understand what sits interfaces; the ability of people to take a core piece of underneath it, because it is not just a development data and do something with it—a standard to build to. methodology; it is also a culture change. It requires We currently work with just over 1,500 developers for empowerment from the people involved. developing those people who are registering in terms Chair: But did you say 60%? of their end of year, in terms of also completing their Malcolm Whitehouse: 60% on Universal Credit, and process for doing their four-year reconciliation. then when we get the understanding of how to make Also, of course, we use commercial software this work elsewhere we will start to adopt it more providers, and have an extensive use of software widely. But just to put it into context, in terms of providing things like tax online and also VAT. Again, delivering IT support for our business projects, as well we gave away the core through a set of standards to as our 15 major projects, we have about 200 very do that. So Open Source and Open Standards are small projects, about 50 to 60 medium-sized projects, pretty much the way we do business right now. and we also undertake 60 to 70 releases against our legacy applications each year. What we did not want Q336 Chair: I am going to jump ahead to one other to do was to say, “Let’s move everybody question. Unfortunately we are very shorthanded immediately,” which is a large learning activity. today because colleagues have other duties in the House and we are about to lose another colleague, in Q333 Chair: Are there barriers to Agile and Agile which case we will have to go into informal session, development? and I do apologise to you for that, but maybe we will Mark Holden: I think it is fair to say that there are get more out of you. Can I just ask about the role of areas where Agile is more suitable, particularly for large suppliers? It has become axiomatic that three that rapid development, the customer-facing suppliers completely dominate the market—it may be services— more than three suppliers—and there are far more purchasers than suppliers. HMRC, for example, have Q334 Chair: But that is a different question: do you recently renewed their contract with Capgemini; that find there are obstacles to moving to Agile locks you in until 2017. Given that we are now development where you can identify that it would be looking at different ways of working, is this a sensible a useful methodology? course of action? Shouldn’t we be looking to fragment Mark Holden: I do not think it is as much that there the market with our purchasing activity, rather than to are barriers: we could adopt it where it is appropriate. consolidate it? I think a lot of our IT-enabled business change Phil Pavitt: Well, what we have done recently with programmes are very much based on the development Aspire, this is a contract now that has been in some or enhancement of our legacy systems, which is not shape or form around in HMRC since 2004, so it is the suitable environment for Agile. So I think it is quite a long-term contract— about horses for courses. Q337 Chair: But what is the advantage of a long Q335 Chair: Moving on to Open Source and Open contract? Standards, how much success have you had with Open Phil Pavitt: I think it brings a number of things: in Source development and Open Standards in HMRC? terms of the sheer size of what we are doing—and you Phil Pavitt: Open Source has been around for some have heard very briefly about the sheer complexity in time now, and in HMRC we have been very fortunate size of what we are doing—we need stability. We need to develop a quite extensive Open Source-based set of a strong assurance and a strong reassurance about solutions. Through Aspire and through the partners what we have and what we can do for the future. that are inside Aspire, we have transformed our website—which, as you know, is one of the largest Q338 Chair: But the record of these long contracts websites in the UK, if not in Europe—to actually is first of all that you pay them to create the mess and become a completely Open Source technology. This then you have to pay them again to clear it up. is the website, obviously, which self-assessment and Phil Pavitt: Let me just try and understand that a bit so on runs through, so that is a website on which, as better. In terms of where we are, obviously we I said before, over 7 million people completed their outsource what we had to the previous suppliers, so self-assessment online. Not only is it out there in a what they are managing is what we started with in very large scale in terms of Open Source, it is very 2004. In terms of clearing things up, there are a heavily used. Some of the challenges around Open number of downsides that people describe on long- Source in the past were perhaps around security, term contracts: for example, locked in cost. Now, we around volume, around its ability to manage large have seen over the last two or three years—in fact, transactions, as we have certainly seen. We have only in 2009—a reduction in our costs negotiated with managed to combine the heavy use of Open Source our supplier, Aspire; that is all the members of Aspire, on the website side in particular also by using Open not just Capgemini. It is obviously a multiple contract. Source through very established vendors to make sure We saw a reduction of about £161 per million for the we have the protection and also get the support going rest for the rest of the period of time, so that is almost forward. That is Open Source. a £1 billion saving. So we are seeing that costs are In terms of Open Standards as far as HMRC is not actually going up, we are seeing those reduced, concerned, we believe we are the leader in the UK and we have things like benchmarking and value for Government on that. We develop Open Standards by money, which is driving down the individual cost on giving away APIs—application programming a regular basis. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG03 Source: /MILES/PKU/INPUT/010970/010970_o003_michelle_PASC corrected transcript 22 March HC 715iii.xml
Ev 56 Public Administration Committee: Evidence
22 March 2011 Joe Harley, Malcolm Whitehouse, Phil Pavitt and Mark Holden
What we are also seeing, of course, is the other thing very low number. Are there numbers available? Are big thing about locked in: where do you get you going to tell us today, or if not could you write innovation from? Where do you get some new stuff? to us? What prevents them saying, “This is just the way it is Joe Harley: I will write to you at a Government level, always going to be.” I described to you before about for sure, on the direct and indirect. From a Open Standards and open sourcing. We are not having departmental point of view, it is a lot easier to measure that experience. Innovation is always a challenge, the direct contracts, and today in DWP about a third because we want to make sure that we innovate and of all our suppliers are SMEs, so we can measure that they innovate and we do it together, particularly with reasonably well. It is a lot harder to measure the a business. But actually, we are not seeing some of indirect and the subcontracting of SMEs, and even those downsides. Our biggest challenge will actually further into the supply chain: second and third tier, be to make sure the market can cope with someone where it is very difficult. Some SMEs come out of the sheer size of HMRC and how you manage, in this being an SME because they are growing and case, 240 suppliers. We are seeing in our contract developing, others come into it, so it is a changing there are challenges, but we are seeing much of the feast, and it is quite difficult to get your arms around. upside we want to see from it. But we are working with our suppliers on it. Chair: And yet, so little business goes to small- and medium-sized enterprises. Q341 Chair: A very last question: the Government has said that they are going to mandate that the primes Q339 Greg Mulholland: One suggestion we have will have to subcontract a proportion of the contract heard is that the Government could break up its value to SMEs, yet the evidence that we have heard contracts into smaller pieces, which obviously would already in our Inquiry is that this simply will not then help the small and medium enterprises. Is that work. What is your view about this practice? Would realistic, or would that be too much of a challenge for it not be better for you to contract directly with more the way Government procures? SMEs, rather than rely on prime contractors to Joe Harley: Yes, I think there is much more we can subcontract to SMEs, who will inevitably be subject do for small and medium-sized organisations. We to the prime contractors’ interests? really need to try and create a level playing field for Joe Harley: Well, I think we can do both. I think them, and the timescale to get procurements done is it depends on the nature of the services. I think for long—too long, I would say—and costly, not just for innovative, niche services, where we do use SMEs, Government but for suppliers, and that goes against direct contracts are fine. Where we are dealing with helping the SMEs. There is more to be done here, and large-scale infrastructure projects or large scale we can break up the contracts a bit more in a way developments it is much more difficult to see that that will help with the level playing field. We do use capability resting with SMEs. So I think that it is an suppliers, SMEs, in the Department, and some of area of more to be done, and in terms of our those are direct and some of those are indirect. But procurements going forward we will be assessing the there is more to be done, and this level playing field quality of those bids for services against how they are will help. going to use SMEs in the course of the discharge of that service. So, it is something we are going to take Q340 Greg Mulholland: Can I ask, I do not know if a real active interest in and promote. It seems it is this information is available, but is information good business to do. published on not only how many SMEs the Chair: Thank you. We will have to go into informal Government currently has direct contracts with but session. It means that we will no longer have an also subcontracts through system integration? That official transcript, but please consider you are would be very useful, because it is acknowledged, I continuing on the record, because our Committee think, by Government that historically it has been a adviser and the clerk will take notes. cobber Pack: U PL: COE1 [SO] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 57
Wednesday 23 March 2011
Members present: Mr Bernard Jenkin (Chair)
Nick de Bois Kelvin Hopkins Robert Halfon Greg Mulholland David Heyes Lindsay Roy ______
Examination of Witnesses
Witnesses: Craig Wilson, Managing Director, UK & Ireland, HP Enterprise Services, and Howard Hughes, Vice-President and General Manager for DWP, HP Enterprise Services, gave evidence.
Q342 Chair: May I thank you very much indeed for application development as an example, an important joining us today, and could I ask you to identify part of the inquiry, that is generally an open yourselves for the record? framework with several suppliers, and that is certainly Craig Wilson: I am Craig Wilson. I lead Hewlett the case in DWP and other large spending Packard’s Enterprise Services business in the UK departments. and Ireland. Howard Hughes: I am Howard Hughes. I am the Q346 Chair: What is the advantage for the Account General Manager for Hewlett Packard for the Government in giving you this exclusivity? Department for Work and Pensions. Craig Wilson: Usually those kinds of undertakings, where we are operating large amounts of Q343 Chair: Thank you very much indeed for infrastructure on behalf of departments, involve a coming today, and I congratulate you; you are the only considerable amount of investment on our part. If you major IT supplier to Government that has agreed to take the building of a very large data centre to operate come before this Committee in public, which leaves these services as an example, that might cost in the us wondering about everybody’s motives, but yours order of £100 million, and you have to have a certain are laudable, I am sure. May I start by asking if you degree of exclusivity to offset that investment over can just briefly outline what contracts you currently the lifetime of the arrangement of the contract with hold with central Government? the department. Craig Wilson: There are lots of contracts but perhaps I can give you an idea of the main ones. There is a Q347 Chair: We are going to come to Agile range of contracts in the Ministry of Defence, a major development, cloud computing and other things later, contract in the Department for Work and Pensions. but it is all a bit circular, isn’t it? You are paid to have The Foreign & Commonwealth Office is another the idea to build a big data centre and it is a very big client. Various secure parts of Government are other project, and therefore you have to have exclusivity to clients. The Prison Service is another client. We make it worthwhile for you to bid for the contract. provide technology though, as distinct from services, That is basically it, isn’t it? Is it a bit circular? to most departments and agencies, in some shape or Craig Wilson: No, not at all—only for that piece. The form. exclusivity is typically where there is a significant upfront investment involved. In those areas, in all of Q344 Chair: We are more interested in your business the contracts with the big spending departments today, as a designer and implementer of systems, because where it is really important to have a range of different that seems to be where the Government has the suppliers, all of those departments have multi-supplier biggest problem. Anybody can buy a laptop, although arrangements in place. It is very rare these days where the Government does seem to make that more there is exclusivity on the development of contracts. expensive as well. Perhaps we should talk about that The other thing of course, and in fact you touched too. Your contracts tend to be exclusive in nature, on this, Chairman, is that sitting behind these prime don’t they? You tend to be a prime contractor. contractors are a lot of other suppliers, and all of those Craig Wilson: We tend to be a prime contractor, but I pieces are aggregated by the prime supplier. Perhaps would say, generally speaking, the days when we can come on to that. departments had a single prime contractor to do everything for them are long gone. In fact, I cannot Q348 Chair: We will come on to suppliers later on. think of a single department that has not moved to Once you have exclusivity over a contract, you do some kind of multi-supplier arrangement. That would have the first bite of the cherry, don’t you, for future certainly be the case in DWP. development of work or if that project becomes more problematic? Nobody else gets a look in, do they? Q345 Chair: You still have exclusivity over that part Howard Hughes: It is worth reiterating a point Craig of the department’s work that you might be working made, Mr Chairman. In the applications development on. For example, in DWP you have exclusivity over space, where you would traditionally have numerous the area you are working on. small- to medium-sized projects rather than one large Craig Wilson: We might have exclusivity over project, most of the central Government departments operating aspects of the systems, but in terms of have more than one supplier in a multi-supplier cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 58 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes environment. The Department for Work and Pensions Q356 Chair: Do you work out roughly what margins and the Ministry of Defence are two examples, of your competitors are making on their projects? which I have personal knowledge, where there is not Craig Wilson: In competition with our competitors, one large contract doing applications development. we are always trying to work out how much money our competitors are making to see if there are ways Q349 Chair: But you are all the same kind of that we can offer clients savings. supplier. We are going to come on to how few suppliers there are, and you have just consolidated two Q357 Chair: Is there any reason why the of the larger ones; EDS has been taken over by Government should not just make it policy to publish Hewlett Packard. The way the Government behaves prices, and put in the contracts that you should publish seems to drive out competition in the industry. your margins? Is there any reason why we should not Craig Wilson: We will come on to talk a lot about the do that? way in which the SMEs form part of the delivery to Craig Wilson: Two things: first of all the Cabinet individual departments. Would you like me to cover Office is moving, as you know, to a framework where that now? the pricing to Government clients is open and is to be shared openly, so everybody can see that. We would Q350 Chair: What I am interested in is how it support that approach. In terms of reporting the profit benefits Government to give these exclusive contracts. on individual projects, then we are as a public Craig Wilson: There are two aspects to that. One I company governed in what we can and cannot share have already mentioned, which is the offsetting of the publicly by, in this case, SEC guidelines on what an investment, because we have to recoup big investment American corporation can say locally versus globally. at the front of these contracts over the lifetime of the contract. Q358 Chair: I suspect the transparency of American The other point is that, if you take any of the large contracts is a little more open than what happens in undertakings—big systems that the Government is the United Kingdom. seeking to build—there could be scores or even in Craig Wilson: Yes, that is true and I think that is some cases hundreds of different suppliers that are something that is worth looking at. That is a part of that value chain to deliver that project. The difference. prime is usually taking the risk of joining all of those pieces together. The alternative would be that that risk Q359 Chair: I have spent several years on the is held by the departments and, generally speaking, Defence Committee. We get information about departments are not well equipped to integrate all of defence contracts that is impossible to find for the those components. By the way, I would add that this information technology sector, and yet we are is not unusual. If you think about our contracts with confronted with a Government that procures projects the largest corporate organisations, they are very that run over time and budget, time and time again, similar, for the same reasons. and then do not work. A business like yours has half of its business with the Government and seems to Q351 Chair: What proportion of your business is make very nice margins out of it. It seems to be a very central Government? unsatisfactory relationship. Craig Wilson: A large proportion is. Craig Wilson: As I have said, the margins are comparable with our private-sector business and are Q352 Chair: What proportion is it? slightly better in our private-sector business. Craig Wilson: About half of our services business is with Government. Q360 Chair: How does your performance compare with the private sector? Do you have the same Q353 Chair: How do margins compare for complexities, cost overruns and time overruns with Government business with other business? the private-sector clients as you do with the Craig Wilson: Broadly speaking, margins are Government? comparable. As it turns out— Craig Wilson: I suspected we would get that question, so yesterday I did take a look at our project database, Q354 Chair: Broadly speaking? so a real-time snapshot of projects that we have Craig Wilson: Yes; I will come to the specific point. running at the moment. To share those numbers, in As it turns out, our aggregate margin in our the UK we—Hewlett Packard—have 204 significant Government business is slightly lower than it is in our projects that are running. Of those, 24 of the 204 are private-sector business in the UK. for public sector. It turned out the percentage of those that are on track in terms of their performance to time Q355 Chair: Can you give us the figures on that? and quality in the public sector is about 88%. As it Craig Wilson: I cannot because, as you will turned out, in private-sector projects, the majority of appreciate, we are a public company, so I can only them—180 projects—it was 84%. If we look at our report figures for the corporation as a whole. What I own evidence, over hundreds and, over the period, can say is that we have shared that with OGC and the thousands of projects, we cannot see any evidence that Cabinet Office, and they are satisfied that we are not there is a worse overall performance in the public making an unusual or excess profit on Government sector relative to the private sector. We would be contracts. happy to send you a note on that. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 59
23 March 2011 Craig Wilson and Howard Hughes
Q361 Chair: Typically how long are these contracts? Q365 Nick de Bois: Fixed price is interesting. Is that What are the terms of these contracts? fixed total price or fixed hourly rate prices for Craig Wilson: It varies, but I have to say, generally consultancy and so forth? In other words, is it a fixed speaking, the overall term of IT contracts is getting price or a movable fixed price? shorter, as a global trend. It is also the case in Craig Wilson: It is both. Generally speaking, all of Government that contracts are getting shorter. these frameworks have the underlying fixed-price Generally speaking, the length of the contract is also components that you are talking about. There is a a function of the amount of investment at the front- fixed rate card; there is an agreement of how end. If a lot of investment is put in, then sometimes productivity improves that rate card over the lifetime departments allow a longer time for the supplier to of the contract; and then, in addition, most recoup these investments, but it is quite typical today departments will seek an overall fixed price for a that those kinds of arrangements are five-year particular project that— arrangements. On the frameworks for application Nick de Bois: Makes sense. development, they can often be shorter. That might be Howard Hughes: In applications development, as an a two- or three-year contract. example, over the life of a project you might have three or four milestones that have fixed prices Q362 Nick de Bois: Of your contracts that you attached, and then the framework agreement behind have—and there are two questions here—in the public that could be, as you suggested, a time and materials sector compared with the private sector, how much type of framework to deal with change. contract mission creep, growth, added value are you earning once the contracts have been put in place Q366 Nick de Bois: Is it fair to say that your planned through variations to orders, changes or problems you margin is greater on that work than it is on your may come across that therefore increase the value of original contract? the contract to you and would perhaps point to Craig Wilson: There is a difference in the margin potential poor briefing or possibly poor estimating between the infrastructure-type work, where you are from either side? The second part of my question is: operating a data centre, and project services, where how do they compare, public versus private? you are doing a particular one-off project. That is the Craig Wilson: I do not have those particular data in main distinction. The distinction is not between the my head, but I can tell you anecdotally what I think, pricing that we apply to changes. and I think that it is true that, in Government contracts generally, there is more, as you have described it, Q367 Nick de Bois: So your margin is the same, scope creep. Part of it is because of the nature of what broadly speaking? Government does, but it is true that, generally Craig Wilson: For the same type of work. speaking, there is more change through the lifetime of Nick de Bois: Alright, thank you. the contract. Howard Hughes: Just a final point: the rate card tends to be what the industry calls “blended”, which is a mixture of different types of grades and different types Q363 Nick de Bois: As a proportion of your of skills. It is not uncommon on certain rate cards for business—and when I ran a business we could look at us to make significantly lower margins, less profit, on a client contract and make estimates of how much certain rates than we would on other rates. Your extra value would come out of that, as a result of question is: are we making more on time and changes, specification or whatever—can you establish materials? No, not always. a norm? Is it 10%, 20% or 30% or are they greater? In other words, are we committing to one contract and Q368 Chair: Just two or three very little paying a lot more, for whatever reason? supplementaries: if you are operating a data system Craig Wilson: This is what I feel. My judgment is for a Government department, and then you are asked that it would be of the order of 20% or 30% over the to quote for an application development relating to lifetime of a contract. that system, doesn’t that present you with a bit of a conflict of interest? Q364 Nick de Bois: Regardless of the length of time, Craig Wilson: I am not sure why it would. do you think? Howard Hughes: No. Q369 Chair: For a start, you might have an unfair Craig Wilson: No, the development-type projects are advantage as a bidder, because you know more about subject to that kind of change. By the way, the way it; you have more inside information about the system that Government and the private sector seek to control you are going to be developing the application for. that kind of issue is that there is only a short period Secondly, we all know what consultants do, don’t we? of what is considered time and materials at the When they are asked a simple question, they say, “I beginning of these projects. At some point when the will call you back,” and then work out how to make requirements are fixed, the suppliers generally then it seem more complicated than it actually is. That is have to move to a fixed-price arrangement. There is what consultants do, isn’t it? then the allowance to charge if there were late changes Craig Wilson: Not generally, because when it starts to the requirements. Sometimes it is the case with to get more complicated, it gets a lot more difficult to Government projects that there are necessarily late deliver as well. changes to requirements. Chair: Goodie, that means more hours. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 60 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes
Craig Wilson: Not always, particularly if it is a Craig Wilson: There are obviously lots of reasons fixed-price contract. Our interest is in making it as why late changes can— simple, straightforward and standard as we possibly can. Q374 Lindsay Roy: Can you give us the main ones? Craig Wilson: The main one is to do with the nature Q370 Chair: Coming back to this question about cost of legislation. If you take the passage of a significant and time overruns compared with the private sector, piece of legislation, from the point of policy how do you measure that and factor in the changes in development all the way to the point at which that specification that can be added in by the client, which policy goes live, first of all you will know that I suspect happens much more in Government than in departments cannot legally start to spend at any the private sector? significant level on the development of the systems Craig Wilson: What you generally do is based on a until the legislation has achieved royal assent. What set of requirements, and what you are trying to do is may well happen is a situation where, in the overall get them as fixed and stable as you possibly can at the lifecycle for a piece of legislation, the business outset. We estimate the cost of delivering that project, changes in the department and the IT changes are and we put a small amount of contingency into that. concertinaed into less than 50% of the overall Typically in Government contracts, by the way, the elapsed time. amount of contingency is transparent, so the Government knows how much we are adding to those Q375 Lindsay Roy: It is Government induced, in contracts. A certain amount of change is catered for other words. within the fixed price. If late in the project there is a Craig Wilson: It is a function of the way that significant change in policy, for example, which as legislation is often developed. Then, as you will know you will appreciate does happen, then we have to cost better than I do, late changes can still creep in, either that and go to the relevant department with an because of changes in the legislation or many of those estimate of that. They can challenge that estimate provisions are in terms of secondary powers, and the based on the underlying cost principles that have details around those often emerge late in the process, already been established. but often for very good reasons. This is not just a failure in terms of the upfront work; some of these are clear why these late changes have arrived. Q371 Chair: We all know the Civil Service is very risk-averse, particularly when spending public money, Howard Hughes: If I were to have a go at the second which paradoxically makes things more expensive, one, it is around dependency management. It is rare in a department in a programme to have the application, but do they tend to over-specify projects and infrastructure, network, data and people change all over-specify the detail of projects, in order to try to delivered by one programme under the authority of minimise the risk? one department. There are generally some Craig Wilson: I think that is a particularly good dependencies on another Government department’s question and, generally speaking, you would hear this data, maybe a piece of legislation that needs to change referred to as gold-plating. There is a tendency to or a technology upgrade in another programme on over-specify things, but what I would say, though, is another contract. Government has recognised this and that that is changing quite considerably. it is embedding it in some of its new programmes. At the start, there is the case for the rigour around Q372 Chair: That is your job as a good contractor: dependency management between Government to tell them not to over-specify. departments and empowerment of the SRO from the Craig Wilson: That is right, because in our start to be able to say, “This is the totality of my discussions with Cabinet Office when we have gone programme, including those dependencies. I must into this detail, they have said, “Some of these things drive that.” That would be my second reason for appear to be very expensive. What is driving that change. expense; is it because you are making a premium Craig Wilson: Of course the nature of most of the profit?” What has transpired is that no, actually what difficult problems you are dealing with as legislators is driving the cost are the gold-plating requirements, is that they are cross-cutting. Whether we are talking which are not necessarily required. about social inclusion, whether we are talking about A very good example is to do with the any other part of the legislative agenda, it is very rare over-classification of information. This is the lazy that the full responsibility of dealing with that issue assumption that, for a particular community, every falls to a single department. Increasingly these piece of information they deal with has to be classified provisions, whether it is mental health or any at a level of secrecy that is higher than is necessary. provision, are cross-cutting, so the dependencies are As it goes higher and higher, that information is more increasing, just by the nature of the problems you are expensive to secure. That is just one example. I really dealing with. do think that most Departments are getting better and Lindsay Roy: We will come on to the dependency on better at identifying those areas. the expertise of the companies later on.
Q373 Lindsay Roy: What are the main reasons for Q376 Chair: Thank you very much. Before we move project changes? Are prices negotiated? Is there not on, can I just place on record an informal declaration then an undue dependency culture on behalf of of interest: the co-Chairman of Fujitsu Government, due to the expertise of the contractor? Telecommunications Europe is a longstanding cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 61
23 March 2011 Craig Wilson and Howard Hughes personal friend of the family? I just wanted to make Q380 Chair: Did you lose some money on that that clear. Can you just give very brief examples of a contract because it ran over budget and ran over time? particularly successful project you are very pleased Howard Hughes: I do not have the details of that. with? Craig Wilson: First of all, and I know that Sir Ian Q381 Chair: Would you expect to lose money on a Magee mentioned this in his evidence to you, there is project like that? a very good NAO report cited on that subject, and a Howard Hughes: Where we had committed to deliver number of the projects that are highlighted in that something and the scope of our work was very clear report are projects that we have played a part in. and we failed to deliver against that scope, then I Chair: Is this the 2006 report? would expect not to be paid. We have a large number Craig Wilson: That is right. An example that I would of payment-for-performance contracts with identify within that report would be payment Government where, when we do not perform, we do modernisation, which I think everybody agrees not get paid. worked well and had the potential to be a disaster for many of your constituents. That was handled very Q382 Chair: You still make— well indeed. Howard Hughes: No, we may not.
Q377 Chair: You know what the next question is Q383 Chair: You may not? going to be. What about JPA, for example, the payroll Howard Hughes: No, we may not, if the scope of system in the Ministry of Defence? what we are delivering is clear and we fail to deliver Craig Wilson: Yes, the Joint Personnel Administration against it. A large number of our contracts are very system. First of all, before JPA existed, the Ministry of clearly payment-for-performance, and we would not Defence had literally hundreds of disparate personnel get paid in that instance. systems, so one of the things that drove JPA, particularly in periods when we were mobilising Q384 Chair: Are you still managing that system, forces across the country, was that it was important to JPA? know what people were trained up in, how they were Howard Hughes: We are, yes. being paid and to make sure all that was correct. That was the original driver of JPA. I think, although it is Q385 Robert Halfon: In your evidence, you say that not my area in HP, that the overall savings for JPA the current financial models that align funding to have been achieved and are considerable. specific policy initiatives often result in Government paying more than it should for underutilised IT assets. Q378 Chair: That was the intention of the project Can you just expand on this? and its justification, and indeed the utility of being Craig Wilson: Yes, absolutely, because I think this able to transfer people across different services, but is a key point. Generally, if you look at the cost of this project was not a success; it ran over budget and Government IT and where that spending gets it ran over time. What were the factors that made it approved, it is to do with the spending submissions run over budget and run over time? of individual Departments, and the spending generally Howard Hughes: I am a few years’ out of date but, arrives along with the legislation that it is intended to as an ex-serving officer in the military and a member support. For example, part of the cost of Universal of the company that delivered it, EDS, firstly I think Credit would be the delivery of the IT systems to it is a great example of trying to conduct business support the Universal Credit. If you magnify that out change and technology change at the same time. across the whole of Government, it begs the obvious Hundreds of years of armed forces administrative question: where is the spending to buy the common things in a uniform, low-cost and efficient way? An rules and regulations, people change, what was illustration of this is that, as a result of the way delegated where in the organisation, where cash was generally Government deals with this question, things held—was it held in a sub-unit or a major unit— that most people would expect to be truly common, changing at the same time as the IT. like the use of data centres, networks and types of desktop systems, where in a big corporation those Q379 Chair: Wasn’t that your job as contractor to would be bought once, bought very efficiently and understand that problem and to inform the then shared across the piece, are in Government Government about the risks and build that into the bought separately by departments, generally speaking. price, rather than discover that halfway through the As a result, if you stand back from the whole picture project, which seems to have been what happened? It it looks a bit like a patchwork quilt. I think the Cabinet is like people say, “I am late for work because there Office is absolutely on to this point, and the phrase was frost on my car.” Well, in the winter you do get that the Cabinet Office Minister uses—and I know frost on your car. that he has used this phrase in evidence in other Howard Hughes: I think we can build in the IT inquiries that you are involved in—is “tight-loose component of that, and you are right to hold controls”. He is getting to the same point. This is companies to account for that. I think we can say that about being selective about those things that should there was a risk of business change and we will be be common across Government, because the variation held to account for the IT cost as part of that. I do not is redundant and Government is otherwise paying a think we can be held to account for delivering the premium price for those, and, on the other hand, those business change in the overall cost of the programme. things that should necessarily be led by individual cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 62 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes departments along with their individual accounting identification of common standards across responsibilities for the policy. Government. There is then of course the question: once we have Q386 Robert Halfon: Is there a time lag between identified those common pieces—this is to your the announcement of a policy, procurement of an IT question about spending—how do we then get those contract and the implementation of that policy so that, assets built? What is advocated in the System Error by the time the implementation has happened, the report I think is right and it is the direction lots of technology is out of date, even though the technology other Governments have gone down, which is that, for might have been signed up to? each common piece, you identify a lead department Craig Wilson: It may not be out of date, because we and procure those assets in a way that can provide a would not recommend that Government should be on, service more generally across Government. By the if you like, the leading edge of technology all the time. way, this is not theoretical; this is a direction that the That is just not appropriate for most of what previous Government had started down. It is one that Government does. What is the case—and I made this has renewed energy with the change in Government, point before—is that, by the nature of things, you are and there are already some examples. A great example quite right that procurement is sometimes delayed, or would be something like Desktop 21, which is a at least the point at which departments can begin to common-standard for desktop services, which was spend to develop the IT is delayed by law in some originally procured through DWP but also has a more cases. The result is things are concertinaed at the end general application across Government. of the projects. Q389 Robert Halfon: Just finally, how easy is it to Q387 Robert Halfon: I am thinking of the airwave update the technology, given policy lags and system, which some of the police use, where it seems implementation, without it causing the taxpayer huge that, by the time it had all got through and was amounts more than the original contract? implemented, it was clearly outdated in terms of Craig Wilson: Generally speaking, across IT, whether mobile communications. Does this not happen across public or private sector, we are getting better and Government IT projects in general? better at decoupling those two things. An application Craig Wilson: I would not say that was a general built for a particular purpose can easily move from outdated technology to newer technology, so generally problem across Government IT projects. speaking it is getting easier. However, it is still the Howard Hughes: If you were to go back 20 years case that quite a lot of Government legacy systems, ago, IT procurement times and the nature of the these very complex transactional systems, are very technology industry were out of step to a degree, and closely coupled to the technology that sits underneath you were procuring, as an example, green-screen them, simply because many of them have been built early-1980s technology just as modern late-1980s up over many years. If you take something like technology was coming out. People were getting a Jobseeker’s Allowance or income support computer terminal on their desk and wondering why it was systems, the first parts of those systems were built in 10-year-old technology. I am struggling to see where the late 1980s. If you look at some of the newer we are seeing that now. I think they are much more in systems, with newer approaches, those things are step. I would just come back to the earlier point Craig more clearly separated out in the way the systems made: on behalf of the supplier community, we do not are built. want to deliver islands of infrastructure to different Government departments with the same requirement. Q390 Chair: Moving on to this question of suppliers, If you imagine the architecture in your head, the how many suppliers does Hewlett Packard/EDS have? infrastructure components and the network are at the Craig Wilson: I will answer globally, for the UK, and lower end, and the business processes and the apps then for Government. Across the world, HP has of the are at the top. You have recognised it, and we are all order of 160,000 different SME partners that we work quite excited about the thought of being able to build with, and we think that is the largest SME community one thing once and use it many times. That of any supplier in the world. In the UK, we work opportunity is there and is ready to be seized. with around 8,000 SME suppliers, and our business is incredibly dependent on that SME community. That is Q388 Robert Halfon: Do you think it is realistic to the first point. expect Government spending to be decoupled from The second point is that, if you want to work with a policy initiatives? company like Hewlett Packard, there is a programme Craig Wilson: What can happen now, and this is the that SMEs can join, the Developer & Solution Partner route that is advocated in the System Error report— programme. In the UK, there are 570 firms that are which incidentally we think was an excellent report— part of that programme. If we turn to Government and is also the direction that we think the Cabinet then, in every one of our big Government contracts, Office has already set off on, is that at the centre it is we would have a coterie of SME partners supporting possible to be far more prescriptive over certain delivery to a particular Department. If you take as one aspects, so the freedom that individual departments example defence and security, we have over 300 have to go and choose their own hosting, network and partners that work with us in that space. In DWP, I desktops should be limited, because it is difficult to think it is just over 200. You heard evidence yesterday see why their requirements would be noticeably from the CIO of HMRC, where I think he said they different from another department’s. That is the have 240 SME partners. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 63
23 March 2011 Craig Wilson and Howard Hughes
Q391 Chair: There is obviously great advantage to Craig Wilson: Here is another piece of real evidence. your business from employing very large numbers of Last year—we looked this up—I am told that there SMEs. were over 700 contract award notices through public Craig Wilson: Absolutely; it is symbiotic. procurement in the UK. This is public procurement for these kinds of projects. Those awards were made Q392 Chair: Is it not ironic then that, for to some 460 different companies, so that does not Government itself, we are reliably told that 80% of sound to me like a cartel. systems integration business is run through 18 suppliers? In fact, anecdotally we are told that 60% Q398 Robert Halfon: Don’t you think it is unhealthy goes through three suppliers. That puts the that you have so much of so many tentacles in so Government in a pretty disadvantageous position, many different Government departments? Going back wouldn’t you say? to this figure of 80% of central Government IT work Craig Wilson: We thought that question might come done by just 18 suppliers, don’t you think that is up, so we did— unhealthy? Chair: You started answering the SME question, but Craig Wilson: I think just over half is by the top 10. actually I was asking the other one. Craig Wilson: Let me answer the other one. We did Q399 Chair: Would you object to more open look at this; we looked at the industry data that is benchmarking? available of the concentration in public sector in the Craig Wilson: No, absolutely. This is something that UK, relative to other countries that we would compare is absolutely worth looking at. You have already ourselves with. If I could just refer to my notes, this mentioned, Chairman, that in some other countries, will perhaps help. In the study, which is a PAC particularly the US, there is more transparency around study—not Public Accounts Committee, but Pierre this, so one way in which the UK could perhaps think Audoin Consultants, which is an industry analyst about this is that, when it is letting some of these body—the average across countries, in public sector larger contracts, one of the criteria upon which you not across the whole, so it is specific to public sector, could select suppliers is the degree to which they are was that just over 57% of the total spend is going to involve the SME community in the delivery concentrated in the top-10 suppliers. That is the of those contracts. average. In the UK, that concentration is slightly below average; it is 56.7%. Q400 Chair: We will come to SMEs in a minute but, in terms of benchmarking your own costs and margins Q393 Chair: It does depend what you are measuring. against comparators, there might be two suppliers We are looking at systems integrators. competing for one contract, both of them already Craig Wilson: This is the concentration of service involved with the Department. It feels like a bit of a integrator spending in public sector, measured country closed shop in those circumstances, doesn’t it? Isn’t to country. there a case, as I think you are saying, for much more transparency, open benchmarking and openness Q394 Chair: You do not accept that the sector has about margins? become over-concentrated. Craig Wilson: There is a case for that. In the confines Craig Wilson: No, there is simply no data to support of a particular competition, the procuring authority that. I will give you some examples. In the does have access to that information, and it does Netherlands, the same ratio is 87.9%. In Italy it is compare bidders on precisely that basis. Generally 64.1%. speaking though, if you are talking about multiplicity of supply and the way in which we support that, that Q395 Chair: With how many? is not generally one of the criteria for selection. To Craig Wilson: This is the concentration; this is the your point, that is an area where more can be done. percentage of public sector spending that goes towards the top-10 suppliers to Government. This is answering Q401 Chair: You must be acutely aware how much the point about concentration. France is slightly better more expensive unit costs in central Government are, than the UK in this regard, at 53%. I think you can for example, than in local Government. That was see there is not huge variation. Certainly the UK recently highlighted within a document published by stands positive in comparison with those countries. the Network for the Post-Bureaucratic Age. Why do you think a workstation in local Government costs Q396 Chair: Some witnesses have described the only half what it costs in central Government? Whose present arrangements as a cartel; there are too few fault is that? suppliers, it is all too cosy and you all operate in the Craig Wilson: I can only speak for our contracts and same way. You encourage the customer to operate in that is not the case in our contracts. the same way and, therefore, you have effectively a protected market. Q402 Chair: Would you like to send us the figures? Craig Wilson: If they think it is a cartel, I would be Craig Wilson: We could send you a note on that, interested in seeing the evidence for that, because I indeed. What I would say is that, if you look at the cannot find any. Can I give you another piece of newer frameworks in central Government, and information? Desktop 21 is an example I have already mentioned, that is certainly not the case. I would add that, in Q397 Chair: There never is evidence. Desktop 21, Government has looked very hard at cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 64 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes making best use of newer technologies to deliver hope you will understand I want to dig a bit into some step changes in the cost of those systems. SMEs. Can I just start by a broad-brush question: of Government contracts, what percentage of those Q403 Robert Halfon: When you are active in five contracts are actually subcontracted to or engage major departments and you have such a central role, with SMEs? going back to my question, do you not think it is a Craig Wilson: Of the Government ones, all of the little unhealthy for one company to have such a huge contracts will have some SME content and, for the influence across Government? Does it not crowd out larger ones, that could be literally hundreds of SMEs other suppliers and smaller companies? that are part of that undertaking and value system. In Chair: Isn’t that your intention, because you want terms of overall spend, if you look at the amount of the business? pounds spent with HP and how much of that goes Craig Wilson: Of course we want the business. Two through to those SMEs, it is just over 30% of the total points: first of all, there probably is a point at which that goes through to our partners. that becomes unhealthy, but we are a long way from that. The evidence does not support the argument that Q409 Nick de Bois: So 30% of our prime contract this market is overly concentrated—far from it. spend is going down to SMEs? Craig Wilson: Going to partners—SMEs and in some Q404 Robert Halfon: What is the point, as far as cases some larger partners. you are concerned, that it becomes unhealthy for one contractor to have so much influence? Q410 Nick de Bois: Could I check with you what Craig Wilson: The point at which it becomes an HP defines as an SME? Are you just going on the oligopoly, which it clearly is not. standard definition? Craig Wilson: In that definition, I think we were using Q405 Robert Halfon: That is what it is in essence, the HMRC definition, which is revenue less than because you are the largest supplier of IT services; £6 million and number of employees fewer than 50. you are in five Departments. In essence, you are an Nick de Bois: That is what we are talking about here. oligopoly in all but name. Craig Wilson: Just to be clear: the total was for all Chair: The contracts that are being let must very partners. The proportion that goes to the small much reflect your influence, operating philosophy, the companies that meet that definition is somewhat systems you have already installed and the way that smaller, but it is still significant. you have interacted with personnel in Government departments, so it becomes an introverted process. Q411 Nick de Bois: That is all partners on a Craig Wilson: If the evidence supported that, there Government contract, so not just HP’s. would be a point there but, if we go back to the Craig Wilson: Correct, and we could provide you with contract award notices that I mentioned—over 700 in a note. I have not looked at that yet. 2010—I think Hewlett Packard won four of them, so that does not sound like a collusory cartel. Q412 Nick de Bois: On HP? That would be helpful, so we will not draw any conclusions from that until Q406 Robert Halfon: You are big in five we have seen the note. In the industry everyone agrees departments and you are the largest supplier of IT with the Government’s wish to divest into SMEs as services to the Government. That makes you pretty much of these contracts as we can, but there seems to much an oligopoly. be some unease that basically it has been left to prime Craig Wilson: To be clear, to take all of those contractors to do that job. I am talking about your departments you mentioned—and DWP might be industry and the feeling that there are some barriers something of an exception here, because we are a to the success of this. Can I just briefly explore those major supplier to DWP—we are one supplier barriers? When you are awarding SME contracts, are alongside many. It is not that we are providing all you doing it to an approved supplier base or are you the IT. going in on a tendering basis with each of the SME Robert Halfon: You are the largest supplier. contracts? Chair: What about the value of these contracts? Craig Wilson: It can vary. I mentioned the Craig Wilson: If you put it all together, we happen to Developer & Solution Partner programme. We have be the largest supplier to Government and there are some SMEs that, if you like, if I can use this lots of large suppliers. expression, are inked in, so they are part and parcel of how we deliver our services. For a particular Q407 Chair: Are the figures you have been giving undertaking, where we have a special requirement as us about number of contracts or about value? Were part of that project, then we go through an additional those international comparisons about percentage of tendering process for that kind of provision, so both. value of contracts or about numbers? Craig Wilson: That was value. Q413 Nick de Bois: How much of that 30% of you and partners is actually open to new tenders and new Q408 Nick de Bois: Could we turn to SMEs, which suppliers with each new contract that comes along, or I think you were keen to talk about anyway, judging an ongoing contract? by your references to them? Again, let me just Craig Wilson: I would have to let you have a note on reiterate in many ways how pleased I am that, as a that. What I would say generally, and this applies in business, you have come here to this meeting, but I private sector and public sector, is that the tendency cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 65
23 March 2011 Craig Wilson and Howard Hughes is going in the opposite direction to the one you are Craig Wilson: I mentioned first of all that a company pressing, and I absolutely understand why you are like ours is completely dependent on our partners and pressing in this direction. If I look at our major suppliers, so 8,000 in the UK. The programme that private-sector clients around the world, the world’s companies join all the time has 570 suppliers, which largest corporations, then every single one of them is is the Developer & Solution Partner programme. That trying to reduce the number of suppliers. is free to join; any SME that is even watching this evidence would be welcome to join that programme. Q414 Nick de Bois: I accept that and I will come to In the nature of business—and of course you will have that. I am coming to that, because I would like to talk taken evidence from various SMEs, I imagine—if in to you about your procurement process of the SMEs, that process you have not been selected, then you will because invariably this can lead to barriers to SMEs complain bitterly about the process. We could equally engaging. We will just follow my thinking a little bit give you evidence from the SME community that does longer of your opening up to new SMEs, to new very nicely out of the— contractors. For example, when your procurement departments kick in, how wide are your tenders? What Q416 Nick de Bois: Actually, do you mind if I is the investment cost/return basis for a provider? Are interrupt? I do not think that is really my question. they having to compete with 10, 20 suppliers? Do you What I am actually saying is: could you, for example, have smaller, narrower bases? How complex are they? point to some evidence? What is the churn of your Are you effectively putting in barriers, maybe without SMEs? How long are they with you? Are they leaving realising it, to SMEs? you quite quickly? Do you have long-term SMEs? Craig Wilson: Our interest is always to get the very The point I am making is it is all very well inviting best value for HP, which we then need to pass on to lots of people to submit a reason to come and work our clients, so the answer is that it would vary from with you, but what is the evidence at the end of the category to category. In some cases, with the sorts of day? How easy is it to become a new SME provider things we are procuring, the simple fact is there are to you and obviously to others in the industry? Is there probably only a handful of companies that provide evidence to support your claim that it is pretty much that particular type of capability. In other cases, it is a an open process? very general capability. A good example would be Craig Wilson: I do not have the numbers in my head. people who are providing contractors to HP; there are Let us pull those numbers together for you and let you hundreds of those in the UK. We would seek, through have a note on that point. What I can say is that I get an open procurement process, to narrow that down to approached every week by SMEs that have some new a manageable number—fewer than 10. idea, and they are not always existing partners of HP. Howard Hughes: Could I give a couple of When you get into a formal procurement, then they perspectives? If I just flip what you said around probably feel it is slightly bureaucratic, by the nature slightly, in some cases, particularly on the large of these things, but I am not aware of any barriers programmes where for either security reasons, the that we erect to SMEs doing business with us. On the scale of the programme or the speed of the contrary, we want more SMEs and we are anxious to programme, actually contracting through a large prime get them. means the barriers could be lower, because you would not expect a 10-person infrastructure management Q417 Nick de Bois: I am conscious of time. Let me company in Sheffield to be able to meet all of the just ask you one more question: are you aware of Government’s obligations around dealing with practices, incidents in your company or other industry protectively marked material, certain contractual companies, where SMEs have, as part of a bid flow-down obligations from Government. The prime process, provided effectively what is an intellectual would hold theirs at their level, engage with the SME, property right as part of their solutions, as part of a engage with the subcontractor, but not flow all of bid process, which they have subsequently gone on to those issues down. see being taken on board by a prime contractor, Certainly on some of the larger programmes, you without themselves being hired to do it? Effectively would get more and quicker traction with the SME the idea is taken from the bid process and then community through a large prime, than you would if becomes part of an in-house process. To be clear, are you were trying to manage the 300-plus you aware of any practice in your business like that subcontractors. In a large infrastructure programme, or within the industry? you need hundreds if not thousands of moving Craig Wilson: No, I am not, which is not to say that components. We embrace local subcontractors and there will not be examples somewhere. Let me explain small companies, because they tend to be very Agile why I am pretty confident that it does not happen and come with some innovation as well. They come generally. It is because IP, as you will know, in with some good ideas. contract law is generally an uncapped liability, so the penalties, if any supplier is caught using illegally Q415 Nick de Bois: That is my point. If I was to another supplier’s intellectual property, can be look at your supplier base, you have talked about extremely severe. narrowing your supplier base, which obviously would lead to frustrations for many businesses, but I get it; I Q418 Chair: If you were a five-man-and-a-dog understand why you are doing that. How many new company, would you counsel them to litigate against ones are you actually taking on? How easy is it to Hewlett Packard? Realistically, we know this must be expand the SME base in your business? a temptation. One of your managers must say, “Oh, cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 66 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes that is an extremely good idea. I will pretend it is argued that the Government gives contractors the job mine.” of telling it what it needs to buy from them. Is that Craig Wilson: What I would also say is that, if your still a fair assessment of the situation? business is dependent on it, the answer to your Craig Wilson: I do not think that is a fair assessment. question is yes. First of all, Government’s general approach to this question is not very different from the approach taken Q419 Chair: That is the point, isn’t it? You are not by the vast majority of large corporate customers. In dependent on it. terms of its approach to using outsourcing, the Craig Wilson: No, for the SME. delivery of a lot of what it needs is pretty much the same; it is not different in that regard. The other point Q420 Chair: Yes, but the point is you are not I would make is that Government, particularly in dependent on the SMEs. recent years, has got much better—and you took Craig Wilson: In aggregate, we are dependent on evidence from two of them yesterday—at taking them, in the sense that we cannot do what we do exceptionally good skills from the private sector and without their help. bringing them into Government at a leadership level, so that is another factor. Q421 Chair: There must be a temptation also that, The other point is, if I look back over my nearly when you tender something to SMEs, if you find you 30 years around this particular question, some of the can do it cheaper in-house, you do it cheaper in-house. most effective leaders in Government have not, as it You would, wouldn’t you? turns out, come from the IT profession. They are Craig Wilson: If we can do it cheaper in-house, then people who have come from the individual we would do, but your question was about the use departments, and they are effective because they of IP. understand, in a first-hand way, the business workings of those departments. Generally speaking, I do not Q422 Chair: You cannot really guarantee that this think it is the case that there is a big skills problem. 25% is going to go out to the SMEs, can you? With that said, there are certain areas of skill that need Craig Wilson: We are going to provide you with a to be protected inside Government and should not be note saying exactly what does go out. reliant on outside advice. We set some of those out in our evidence to the Committee. Q423 Chair: You cannot guarantee it, can you? Craig Wilson: No, I was not seeking to guarantee it. Q427 Kelvin Hopkins: Had Government had a Chair: No, but I think it is an important point. powerful in-house IT facility, cross-departmental, able to advise departments as well as within departments, Q424 Nick de Bois: Just one final question, sorry. then we would not have had these series of disasters Regarding barriers to SMEs, could I ask you about in the public sector over many years and we would your payment terms to SMEs? Do they reflect the not have had the vast additional costs, cost overruns same payment terms that you are getting from and whatever that have taken place. Is that fair? Government? Are they more favourable or less? Craig Wilson: No, I do not think that is fair. It could Craig Wilson: That is a very good question, because well have helped on occasion but, generally speaking, the answer is they do not always reflect what we enjoy I do not think that is a root-cause issue in terms of from Government, and that is a very good point. The individual project failure. There are some key skills reason that this occurs is because the procurement that Government does need to protect inside that process is decoupled from the contract piece, as it is cross-cutting piece, which we have mentioned but, if in all large companies, by the way. I think, and you look at the generality, Government does not need Government has been active on this particular point, thousands of civil servants doing that work, and that that Government is right to press all large suppliers to would not be thought of as orthodoxy in other types pass on those favourable terms. We should not be of engineering. Government does not keep thousands taking advantage of the leadership Government is of architects in-house; it does not keep thousands of showing in the way in which it has set standards nuclear power station experts in-house. Why would around payment terms. that apply to IT?
Q425 Nick de Bois: It is cash flow advantage to you, Q428 Kelvin Hopkins: It is not numbers; it is about with all due respect. You do not need it as much as skills. You have a strong power relationship with SMEs. SMEs. If Government had the same kind of power Craig Wilson: That is exactly right and, where those relationship with you, they could keep you, in a sense, examples come to light, I am happy to take those up in line better; they could have made sure that things and see if we can get those adjusted. did not go wrong. They would have kept costs down Nick de Bois: I hope that is the case. and made life a bit more uncomfortable for you and Chair: That is a good sentiment. Thank you for that. made it more demanding for you. At the same time, Moving on: skills. it would have been better for the public purse and better for the public interest. Q426 Kelvin Hopkins: Has the Government’s Craig Wilson: I think that is a good point, but it is tendency to outsource its IT needs left it without the precisely what Cabinet Office is acting to do. I know skills it needs to be an intelligent customer that is able you will be taking evidence next week from the to manage its contractors. Computer Weekly has Minister and Ian Watmore on precisely that, but I can cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 67
23 March 2011 Craig Wilson and Howard Hughes tell you that they are taking a much more controlling buyers, means the margins go up. Our concern is that interest in the way that they manage individual you are able to sell them far more than they probably suppliers—for example, with the appointment of need, to make things more complicated than the Crown leads for individual suppliers, so one senior Government really wants them, so that you get more official who understands the totality of the business business at the same margin. Is that unfair? suppliers like Hewlett Packard do with Government, Craig Wilson: It is back to this point about redundant so they can see all of the moving parts and drive us variation, so it is fair in the sense that some of these to deliver more and more efficiency across the range things that should have been in the past aggregated at of what we do. What you are describing is understood the centre were not. The result is that overall spending and consistent with what the Cabinet Office is trying is higher than it needs to be, and we have made that to achieve. point in our evidence.
Q429 Kelvin Hopkins: Are you saying that they are Q433 Chair: Would you agree with this statement: now effectively—and I say “effectively”—closing “We are complicit in the services sector as well doors after many horses have bolted, but the doors are because suppliers should have the experience and the being closed at last? gravitas to push back when they know things are not Craig Wilson: I think the doors are being closed. I right. Too often they go along with things because would add by the way that the dialogue that all of the they have got a contract, and this is the only means big suppliers are having with the Cabinet Office is not they have of being paid.” Do you remember those notably different from the kind of dialogue we would words? expect with a big commercial organisation. You might Craig Wilson: Of course I would agree with them; I say “at long last”, but they are very determined, I can think they were my words. tell you, in those discussions. Chair: They are, yes. Craig Wilson: I think that is the case. In the past, Q430 Kelvin Hopkins: One last pointed question: do some of these relationships were a little bit cosy with you think the Government’s lack of skills means you individual departments, but CIOs, departments and the are able to secure a higher price for your services than centre have recognised that. It is beholden on might otherwise be the case? suppliers, particularly the larger suppliers, to take Craig Wilson: If that were the case, then we would more leadership around these issues, which is what I be making a premium profit. There is a point that we was referring to in that quotation. have touched on before, which is back to this point Chair: Thank you for your candour. about both the patchwork quilt—the separation of things into individual pieces, so there is redundant variation—and the other point is about gold-plating, Q434 Robert Halfon: Could I just make a very brief which we have mentioned. In terms of skill, no, I do comment on my colleague’s questions? In essence— not think so; I think Government has some excellent we were talking about in-house—you have become a skills in terms of procurement and leadership now de facto in-house supplier of IT to Government, so around these issues. the question of whether you are in-house or not is immaterial. Going to Open Source, how much of the Q431 Kelvin Hopkins: It was suggested earlier that IT work that you do for Government uses Open a workstation in central Government costs twice as Source standards? Could you set that out briefly? much as a workstation in local Government. That Craig Wilson: I do not know what the percentage is suggests that something has gone wrong somewhere but, first of all, we are big advocates of using Open and someone is making more money than they might Source. Open Source solutions are available on all of otherwise do if it were better managed. our computer systems. All of our printer software is Craig Wilson: I can only tell you what we see, and available for Open Source solutions. We will routinely that is not the case. I am going to let you have a note in Government bid an Open Source alternative when on that. There is a point here though; there is a point we are asked to bid for work, and we can point to and we have already made it, which is that, once various examples of those. Government has decided on one of these common However, generally speaking the case for Open assets or, in the language of the Cabinet Office Source is hugely overstated. The reason for that is, if Minister, tight controls versus loose controls, having you look at the big projects, any of the big spending decided that something needs to be tightly controlled, in Government, the element of the total spend that is like for example the provision of desktop services or perhaps meetable with an Open Source solution is a hosting services, the bit that follows is a determination tiny component of the overall system. There is no to use that aggregated procurement vehicle across Open Source version of Universal Credit or Government. That is still an area where there are self-assessment. question marks. Government does have some of these very efficient procurement vehicles already in place, Q435 Robert Halfon: There could be. There was a but they are not used across all Departments today, Government policy announced on Open Source in and that is something that the Cabinet Office is 2002, then another one in 2009. There has been a beginning to get after. significant lack of progress, and isn’t the reliance on proprietary software and in particular the limited IT Q432 Chair: Before we move on, I do not think our suppliers, such as yourself, the reason why Open concern is that the Government’s lack of skills, as Source has not been developed? cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 68 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes
Howard Hughes: I think it is all about risk. At the what the authors described as “platform” and what lower levels of a system, in the network, in the they described as “Agile”, but they are using those platform, you will find all of your Government words to engender much bigger concepts. To your departments, to a greater or lesser degree, have point, in the Agile space, the Government could do embraced Open Source operating systems on their far more by simply opening up some of those, the infrastructure. For most providers, whether or not it is term is, application programming interfaces. HP, IBM or Oracle, you can now ship their platform with a form of Open Source operating system on it. Q441 Chair: That requires mandatory Open We have groups of people supporting UK Government Standards. Don’t you really need the Government to projects with Open Source skills, because the risk at lay down a specification for Open Standards, from the that lower level of the architecture is perceived to be centre, across all Government departments? very manageable; we can train the people to support Craig Wilson: Yes and increasingly it is going down it. As an example, the Linux operating system has a that route. long track record. The Department and us are happy to take that risk. Q442 Chair: It still has not done so. Craig Wilson: Well, there are some very good Q436 Robert Halfon: When I asked you, you could examples of Government opening up data and, as a not tell me how much Open Source you have. Is it not result, the supply community generally coming up in your interests to discourage Open Source, because with some very innovative solutions. The it means that people are not tied up in your software often-quoted example is in train timetabling, but there and, at the moment, they are chained to what you are lots— supply? Craig Wilson: It is a good question but, if I may, it is Q443 Chair: That was the private sector, of course. a very mixed picture. This comes back to Howard’s Craig Wilson:—that have gone down that route. It is point about overall risk. In some cases the advantage against the context in which Government said, “We is, for some types of component, it is very cheap or want to open that data up.” Ordnance Survey would even free but, generally speaking, you need more be another example, but those are trivial examples. effort to make all of the pieces work together. I assume that, if you took a straw poll in this room, Q444 Chair: It is not just opening up the data; it is even though we could all use free software on our opening up the interaction with the services. You computers at home, we probably do not. Most people might go to a variety of different websites to order a here would not use Linux and OpenOffice on their television licence or whatever. home computers. Craig Wilson: Absolutely, and I think you will see more of that. Sometimes you will hear the phrase Q437 Robert Halfon: They are going that way. Web 2.0 as an umbrella phrase to capture that thought, People are moving towards cloud computing, away but that is precisely the idea: that Government should from Microsoft. not determine all of the ways in which that data might Craig Wilson: That is different. Cloud computing is get used. On the other hand, the other part of the not the same as Open Source software. If you take distinction is that clearly all of that is also dependent Google, for example, it is free—that is true—but it is on the underlying platforms that have to be also proprietary. We have to make a distinction, I transactionally correct. think, between cloud computing, which is an important issue in its own right, and Open Source. Q445 Chair: I accept that, but can you envision a They are not the same thing. Tesco, Post Office or Amazon website providing access to Universal Credit? If you put in the right Q438 Robert Halfon: They are similar in principle. information and provide the right assurances, you will Craig Wilson: No, not at all. get your Universal Credit. Howard Hughes: Conceptually, absolutely yes. I Q439 Robert Halfon: Would you be able to supply think we have skated over three or four subjects there. the Committee with a note on how much work you do Chair: I am a customer, not a technocrat. for Open Source? Howard Hughes: Should the Government and the Craig Wilson: Absolutely. supply community open up standards to allow people—let’s just use the words “Government Q440 Chair: Shouldn’t we be experimenting with cloud”—outside of the Government cloud to write completely different concepts—that actually applications to integrate into back-office Government Government is a data and services warehouse, and we systems. Absolutely. In that example, would it be a should hand over the interface with the public to a great way to drive up adoption of Universal Credit by plethora of different suppliers, so we want to design having applets that the Post Office, Tesco, Sainsbury’s bespoke websites for different client groups? Why and Waitrose could utilise on their own website? does it all need to be centrally controlled in the way Absolutely, why not? Should we encourage that use it is currently? from our community as well? Why not, because some Craig Wilson: It does not, Chairman, and I think that of those companies are our biggest clients? is a very good point. It is the central point that Ian Craig Wilson: What enables that kind of choice is a Magee and his colleagues were making in the System very clear definition of the other part of it, which is Error report. We have to make a distinction between the platform piece, where you do have to put very cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 69
23 March 2011 Craig Wilson and Howard Hughes strict controls around data that need to be kept private. if I may. There was one vocal critic who suggested it You would expect the calculations to be done was a bit of a one-sided approach from the accurately and done once. The other side of it is the Government that basically would not allow any Agile side, where we could open up those kinds of simplification of the systems or attempts to allow you services. The idea that these communities are going to to drive down the work you have to do a little in return be drawn to a Directgov website for all this kind of for driving down the costs. Was that fair? Did you interaction is quite an old-fashioned idea. think the process was one-sided? Craig Wilson: No, not at all. To that very point, I Q446 Lindsay Roy: Very briefly, how does think it is where the conversation might have started Government become a more intelligent customer? In off, but it is certainly not where the conversation your evidence, you list the skills that you think ended up. In our case, we can probably share more of Government should always have in-house. Do they that detail with you than you might suspect. Our have them? Is there a strategic issue? Is there an issue approach was to embrace that MOU process in a about lack of coordination? genuine and authentic way. The result is that, in the Craig Wilson: Yes to all of those, but equally I would current fiscal year, we will deliver significant savings say that these issues are well recognised and well to Government that have been audited. Those savings, documented. I would wholeheartedly commend the once they are achieved in the current fiscal year, will System Error report and I would also look at the NAO repeat. report on the use of IT, which is also referenced by Nick de Bois: They will recur, yes. the way in the System Error report. Craig Wilson: They will recur, exactly. Now, as would be the nature of these things, and this would happen Q447 Lindsay Roy: What are the main shortcomings with a private sector client, as you can imagine, they and what should the Government do about them? will go to the point about margin. They will say, Craig Wilson: There are a number. The first is the “Well, we have heard what you have said about one we have already mentioned. The Cabinet Office margin but, nonetheless, we still want you to reduce Minister uses the phrase “tight-loose controls”. We those margins,” and you would expect that in the have made this point a number of times; it is making dialogue with any client. Our response to that is to a distinction between those things where the variation say, just as it is reasonable for Government to ask that across the whole of Government is redundant really. question, it is equally reasonable for us to ask for the Government needs to aggregate those things and buy kind of flexibility that you are talking about to deliver them once, very efficiently. A good example is data things in a different way. In our experience, centres. Nobody really knows how many data centres Government has been completely open to those ideas. the Government has, but it is in the hundreds. To give I can give you an example. If you take our defence you a comparison, six years ago that was also the case contracts, a significant amount of the savings in the for Hewlett Packard in the way that we ran our current fiscal year will come from the collection of business. Today, we run the entirety of our business defence contracts. One of the things we said was that from just three pairs of data centres around the world. instead of having gold-standard support arrangement There is no reason why Government could not do the for whole swathes of that community, what we could same thing and build very efficient data centres that do was aggregate some of those so that, where that is are then shared across the rest of Government. That unnecessary, we charge a lower rate. If you can is this tight-and-loose point. That is the first one I change that requirement, then we could deliver some would mention. significant savings, because we would not have to The System Error report talks very eloquently about offer different types of service. They have been open the opportunity to use Agile methods, so I will not go to that idea and, as a result, we will offer significant into a lot of detail around that, because I think it is all savings. I think it has been a very positive process. set out very neatly in there, but then I would go to the point that we have just been touching on, which is that Q449 Nick de Bois: Would you have also been in a I think we have to do things to encourage Government position to negotiate some flexibility or advantage departments more generally to embrace the from it as well? I am not necessarily critical of that, opportunities IT holds to solve some very deep-seated but would you have been able to extend any existing problems. One of the things that is holding us back contract arrangements for a longer period—to say, generally is the very subject of this inquiry: there is a “Look, we are going to do this. Can we have another sort of thought that IT is part of the problem. I do not couple of years on this contract?” think it is part of the problem; I think it is potentially Craig Wilson: We were under very clear instructions part of the solution. We have talked about some of from Cabinet Office Ministers and officials that those those innovative ideas that Government could do kinds of propositions would be frowned upon for more with. reasons that I think are understandable. In our case, Lindsay Roy: In the interests of time, Chairman, I we have not led with those as ideas. will forgo any other questions in relation to this. Q450 Nick de Bois: There were boundaries, if you Q448 Nick de Bois: Can we just turn to the period like, that you were not going to cross, as set out by of contract renegotiation that followed the last General the Cabinet Office in renegotiation. Election? I know there are obviously certain things Craig Wilson: That is right. That does lead to a you will not be discussing that must remain practical problem, which I can come on to but, confidential, but I want to talk about process a little, generally speaking, that is not the route that we have cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 70 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes gone down, because it is one that officials were ways of working where, as an example, you want to guiding us not to. develop policy and the IT solution together, where maybe the IT solution is informing policy at the same Q451 Nick de Bois: You took a constructive time. Quick iterations of a complete solution, getting engagement approach to effectively recognising that to a prototype quickly, rather than a long-drawn-out this was going to happen. Would you understand that requirements-gathering exercise, are totally some people might say it was easy to cut the margin, appropriate. because you had a high operating margin anyway? Is We do not see it as a risk; we are embracing it. We that an unfair comment to make and, in your case, did expect to use some Agile techniques in a number of you cut margin as part of this process? our projects in UK Government this year, and, on Craig Wilson: No, we did not cut margins but, as a some of those projects, we will use some small result of the savings we have delivered, obviously the subcontractors to help us deliver them. We do not see total revenue has gone down and the margin that this as a threat; we see it as a market trend that we would go with that reduced revenue has gone down, will embrace. if you see the distinction between the two. Q456 Chair: I am delighted to hear you say that, but Q452 Chair: Were you generally happy with this I am also told that you have to say that because your process? customer wants to have more Agile development, so Craig Wilson: Yes. you have to say that. If you move into this field more and more, you still want to be able to control it. Isn’t Q453 Chair: Was it a bit arbitrary? this an opportunity, this is the point I am making, to Craig Wilson: No, I think it was a very methodical bring in the SMEs to have a direct relationship with process and, as I said at the beginning, it was a the Government? Can I give you an example? The process that is not unusual to us. If you look at our VME operating system as a hangover from ICL days major commercial clients, they are going down a still predominates in DWP. Why not get a dozen or similar route, so it is not unusual in that respect. Let two dozen SMEs to brainstorm how to convert the me be clear: the result of this is that IT costs less for data into a modern operating system? If it remains Government. You might ask what our motivation in locked in at present, it is going to go on for years, that is. The motivation is actually clear and it is a isn’t it? self-serving motivation, which is that our calculation Howard Hughes: A bit of history, I think, and a is that, unless we are seen to be delivering good value couple of perspectives on that. I am relatively new on for money across Government, ultimately we will not the account; I am happy to give you data on this get more contracts. through a note. I think there have been numerous attempts over the years to look at how we replace Q454 Chair: It is a bit embarrassing, isn’t it? some of those ageing VME systems, both by Craig Wilson: Which? department-led initiatives and contractor-led Chair: For your customer to come along and say, initiatives. If anybody is sitting there, fit, dumb and “Look, you are charging too much,” and for you to happy, thinking that VME is the future and we are agree. happy to sit with those legacy systems, I do not think Craig Wilson: No, I made the point that I cannot think that is the case. of a single significant client worldwide that we have Coming to the present day, do we feel threatened by not had that conversation with in the last 18 months working in an Agile method, either our own company or so, for reasons which I think will be clear to you. with the Department or our own company with other subcontractors working on Agile techniques where we Q455 Chair: I understand that. I just wanted to put get to a solution quicker? We maybe find risks in the the point. Moving back to the question of Agile process quicker than the traditional waterfall method. development, we have heard quite a lot about this in I would say, and I honestly do not have to say it our inquiry, and you referred to the System Error because my client wants me to say this, I would report from the IfG. Isn’t there a risk to your business embrace that. We do not like to get to the end of a of the Government really embracing Agile project and suddenly find that what we have built does development, because it lets the SMEs have direct not meet the requirement. access to the Government and you no longer act as Craig Wilson: I can help with a little bit of the history. intermediary? I will be brief on this point. Time and time again, Howard Hughes: I will have a first go at that. some very smart people inside the department and Globally, we as a corporation adopt Agile techniques. more generally have looked at that very point, and the A good example in the UK—I do not know if we are collective view is that, rather than try to crack the allowed to mention the company. Are we allowed to VME problem, over time we should simply let those mention the company? systems wither and die away, rather than expend a Craig Wilson: A large telephone company. huge amount of effort in converting this tangle of Howard Hughes: A large telephone company—a legacy systems. That is indeed what is happening. In large amount of our applications development with all of the new systems that are being built, for most them is using Agile techniques, and we have seen the of the significant parts—Universal Credit, being an benefit of that. We view Agile as another tool in the example, but I would also talk about Employment kitbag. On some projects, it is totally appropriate to Support Allowance, which Joe Harley mentioned deploy those Agile types of techniques and Agile yesterday—the new things are not perpetuating that cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 71
23 March 2011 Craig Wilson and Howard Hughes dependency on VME. Eventually you will get to the Q462 Chair: It becomes impossible to treat all point where there is nothing left running on VME and potential contractors in exactly the same way, because it just goes away. Does that make sense? you might want to have much more of a conversation with one than another, even though they are in the Q457 Chair: That is the solution, is it? I thought care same contracting process. allowance had been migrated from VME to the new Craig Wilson: I think that would be sensible anyway. system, UNIX or something. To certain suppliers, you might say we are looking to Craig Wilson: There have been examples of— them to deliver the platform elements. It might be a particular technique that is appropriate to the delivery Q458 Chair: So it is possible? of those components. This piece over here we need to Craig Wilson: It is possible but, if you look at a big do in an Agile way, and we will have different kinds VME-based system today, like an Income Support of suppliers providing those aspects. Computer System, the business case simply is not there to put the effort in to convert from VME, Q463 Chair: I appreciate that, but supposing we are because eventually those systems will be replaced by letting a contract for a bit of Agile development; it the new systems. might be quite a small piece of work so you potentially have a large number of contractors. Some are going to be more interesting to talk to than others, Q459 Chair: Isn’t there a vested interest in running aren’t they? on legacy systems? I appreciate that VME is not your Craig Wilson: Yes. software, but somebody has a vested interest in running that system on. Q464 Chair: You are going to spend more time as a Craig Wilson: There is a calculation to be made, and customer talking to some of the potential contractors this is the same in the banks, by the way. Most banks than others, but that is not treating them equally, is it? are very dependent on their core banking systems, Is that a problem? which still run on pretty aged mainframe technologies, Craig Wilson: There is something in that but, generally. Why do they not convert? Because the generally speaking, most Departments would say that business case is always slightly beyond them. It is there are no barriers to them speaking directly to better to let the strategy play out; build the new anybody they want to speak to, and you heard some systems with the new technology; make sure they are evidence yesterday on that particular point. not perpetuating a dependency on the old technologies; and let the old stuff disappear naturally. Q465 Chair: We have evidence from small businesses that say they go to talk to Government Q460 Chair: Looking at Government, you say you directly, and they say, “No, you cannot talk to us, can provide Agile development capability for the because of the rules. You have to go through the Government. What skills does the Government need prime contractor.” in order to make it work? Craig Wilson: There is a point here that, if that was Craig Wilson: I think that is an excellent question, not the case, Government departments would be and in the System Error report they do go to that point inundated with people wanting to— on several aspects. I know this is a question that the Chair: With ideas, perhaps? Committee has asked. There are some things about Craig Wilson:—have a chat with them, so they have the nature of Government IT that mitigate against to have some sort of triage. Generally speaking, in using Agile techniques that we have to grapple with, the case that Phil Pavitt used yesterday, there was no and one of them is that there is an overriding impediment to HMRC having a dialogue with resistance generally to spend any money in a nugatory VocaLink. way. By the nature of Agile development, you will try something; if it does not quite work, you throw it Q466 Chair: What happens if a small business has away and go in a different direction. We are all an idea that actually deconstructs your very large convinced that, overall, this is a good thing, but there contract? You are going to filter that one out, aren’t needs to be some cultural development in the way you? most Government projects are developed. By the way, Craig Wilson: Generally speaking, the ideas they you heard evidence yesterday that some of the newer come to Government with are about doing things in a projects are absolutely embracing this technique. It is better faster way. We are just as interested in that as not impossible. I am just saying that it is not in the Government is. nature of most Government departments. Chair: Moving on: IT policy and processes.
Q461 Chair: Are the procurement rules an obstacle Q467 Kelvin Hopkins: You say in your evidence that to this? IT is now on the critical path of almost any significant Craig Wilson: Yes, they can be, in the sense that the policy initiative, and that it is important that IT is not way that procurement works in a formalistic way considered as an afterthought. Have you experience of often requires you to have a fixed specification against this happening? which everybody then bids, whereas in an Agile world Craig Wilson: Yes. It is getting better, but generally what you are really seeking from suppliers is a speaking, and in some cases for good reasons, as I capability, and then what emerges is a result of those mentioned before, we can find that, in the overall iterations that we were talking about. lifecycle of a piece of new legislation, IT and the cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Ev 72 Public Administration Committee: Evidence
23 March 2011 Craig Wilson and Howard Hughes business preparations in the relevant departments get Craig Wilson: Like any business, it is in our interest concertinaed into the second half of the process. On to do what customers drive us to do and, whether we day one, the business changes, and the IT are on the are talking about private sector or public sector critical path to deliver the project. That can happen, clients, they are driving us continuously to deliver yes. more innovation to them. One way we can respond to that is with the help of partners. Q468 Kelvin Hopkins: Is more required to change mindsets with some people to make sure that IT is Q472 Kelvin Hopkins: Have you any examples of considered earlier? Is it still a problem? where you have suggested change, where a Craig Wilson: Yes, I think it is generally a problem, Government department is thinking of one thing and but it is a problem that is generally understood as well. you have said what you really want is something else, If you take the departments that we would consider to and it has actually been beneficial? be the leaders in this regard, departments like DWP, Craig Wilson: Let me think about a really good this has been a long-recognised issue, and there are example. What I would say is that there is a pretty well-tried and tested means by which they can continuing dialogue. “Why do you not do it this way involve suppliers and the operational parts of their rather than that way?” Generally speaking, because business early in the development of the project we do find ourselves often in this situation where thinking. Universal Credit is a good example of that, things are concertinaed at the end of the project, we where customers, operational people and potential IT are generally seeking in that dialogue to de-risk things suppliers are part of the thinking early on in that for Government. The nature of that advice is to project, in order to de-risk it for Government. decouple things so that the implementation of the policy is not dependent on all the different pieces of Q469 Kelvin Hopkins: You should have a role in the programme working perfectly on the very first day helping Government to identify best solutions as well, of the policy—the computer systems, business given that you will have inevitably more expertise processes and the rest of it. I might say, if you look at than Government, even in the best of all possible the things that have been notoriously catalogued over worlds. Suggesting the best solutions is part of your the years, generally speaking those projects are responsibility. characterised by what is sometimes described as a cliff Craig Wilson: Yes, that is true, but we are also edge, where everything has to work perfectly on mindful that Government needs to maintain a degree day one. The nature of our advice generally is to break of competitive tension as well, so that is the balance those dependencies, so that those risks are managed in that dialogue. out. The experienced departments are very good, increasingly experts, at doing that. Q470 Kelvin Hopkins: Is the Government open to Howard Hughes: May I just make one supplementary hearing about how IT could be used to run services point? Traditionally, if we go back 10 years, you differently or is there still some resistance? There would make technology and services decisions might be some dinosaurs like myself, who would not throughout the whole solution. You would start a know one end of a system from another, but I programme and say, “Which data centre is it going in? appreciate it can do wonderful things. Which network am I going to connect to? What Craig Wilson: I think it is changing significantly, but hosting environment, what security model?” If we there is still work to do. That is the way I would segue back to our previous conversation about characterise it. It is variable. I would add, and I think Government buying once and using many times, Howard made this point earlier—and I think Sir Ian having some common components, mainly at the Magee made the same point—that all of these are not infrastructure layer, a lot of those decisions that pure IT projects; they are big business change projects previously would have churned on for months and that are enabled with IT. The point I am making about pushed programmes to the right, if we get this right the dialogue with the IT experts early in the process they should become the building blocks that the also applies to the people who are experts in the Government has preordained. I think the supplier operational aspects of the departments, who are often community would welcome that. on the critical path as well. Indeed, even more important are customer groups because, these days, all Q473 Chair: Are you the systems integrator that is of this complex policy, whether or not it works going to deliver Universal Credit? depends as much on the suitability of the process of Howard Hughes: We are not the overall systems delivering the policy as on the provisions themselves. integrator. We are one partner with the department. Increasingly people recognise that. Q474 Chair: Obviously that has already been pushed Q471 Kelvin Hopkins: Is it in your interest to back a bit, but 2013 is going to be a very critical suggest new ways of working? There is always this date. Do you have confidence that the systems will worry that it might be in your interest but not be ready? necessarily that of the customer or the client. When I Howard Hughes: I am seeing things on Universal am buying a new car, somebody says, “What you want Credit that I have not seen before. They have is the deluxe model with a bigger engine,” and all the appointed an SRO at the earliest point in the rest. You have that kind of power to do that, but is it programme, and Terry is getting his arms around the in your interest? How do you ensure that the clients whole programme in a business process change, and customers’ interests are served properly as well? systems, technology change way, which is critical. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG04 Source: /MILES/PKU/INPUT/010970/010970_o004_michelle_PASC corrected transcript 23 March HC 715iv.xml
Public Administration Committee: Evidence Ev 73
23 March 2011 Craig Wilson and Howard Hughes
Secondly, all the providers, and we are not the lead together with the department to try to deliver a systems integrator for it, are all involved in this early successful outcome but, to your point, 2013 is a formative stage. critical year and that first pilot in May is absolutely vital. Q475 Chair: Who is the lead? Howard Hughes: At the moment, really the Q476 Chair: Your confidence level? department is the lead, because we have a collection Howard Hughes: If we continue to work in the spirit of suppliers. Some have incumbency in certain in which we are at the moment, and if we continue to contracts, so we have, as an example, a framework knock down the risks, my confidence levels are high. contract that will support parts of the programme. Chair: Good. We are extremely grateful to you Others are subject to competition, which is ongoing at gentlemen for joining us. I do think it is a credit to the moment. There is an open competition for other HP that you have come and given evidence in public. parts of the programme. After the SRO, I would We have not quite Bob Diamond-ed you, at least not continue by saying that I have never been involved in so that you noticed. I am very grateful to you for the early stages of a programme quite so much as I coming. Thank you very much indeed. have this one. All of the suppliers are already working cobber Pack: U PL: COE1 [SE] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 74 Public Administration Committee: Evidence
Wednesday 30 March 2011
Members present: Mr Bernard Jenkin (Chair)
Nick de Bois Kelvin Hopkins Paul Flynn Lindsay Roy David Heyes ______
Examination of Witnesses
Witnesses: Rt Hon. Francis Maude MP, Minister for the Cabinet Office and Ian Watmore, Chief Operating Officer, Efficiency and Reform Group, Cabinet Office, gave evidence.
Q477 Chair: Thank you for joining us today, big suppliers. How this will change: we have Minister and Permanent Secretary. Thank you very introduced a presumption that no projects should have much indeed. If you could each identify yourselves a lifetime value of more than £100 million. That is for the record. not a dogmatic restriction. Francis Maude: I am Francis Maude. I am the Minister for the Cabinet Office. Q480 Chair: That compares with, for example, the Ian Watmore: I am Ian Watmore, Permanent Aspire contract with HMRC, which is, what, Secretary at the Cabinet Office. £8 billion? Francis Maude: Could I by way of a very quick Francis Maude: A lot. I could not swear to the introduction just alert you, Chairman, in case it has exact number. not totally filtered through, to the fact we are publishing today our Government ICT strategy? We Q481 Chair: Could you put a figure on it? let the Committee have embargoed copies yesterday. Ian Watmore: I think the published contract value is I am just conscious it may have happened late, and I £4.3 billion, and that is what is left— am not totally confident therefore that members of the Committee will have had a chance to read it. It is not Q482 Chair: They are skilfully adding to that. a fantastically lengthy document and it is incredibly Ian Watmore: I only know that the published figure readable. is £4.3 billion. I am pretty certain that is right. Francis Maude: But it is a lot and I would aim not Q478 Chair: We have not studied it in any detail, to be doing contracts of that size in future. That is a but my understanding is that it does not contain any contract for services; that is not just an ICT build, in surprises, dramatic new truths or revolutionary my understanding of Aspire, but it is still a very big concepts that were not already in the public domain. contract, and of course the downside of contracts of Francis Maude: We think it is a lapidary formulation that size, particularly with a systems integrator, is that of some important concepts for the future. you get very locked in. Chair: And what does “lapidary” mean? In terms of procurement, we are chunking our projects Francis Maude: Precisely crafted. into more manageable sizes so that you have a wider range of suppliers that are equipped to provide a Q479 Chair: Right, very good; that was just for the procurement process that will in future, we hope and benefit of the public. We know that IT procurement is intend, be less prescriptive in terms of the how of notoriously difficult and has an appalling track record. what is done and more prescriptive in terms of the In fact, the CIO we had in front of the Committee outcomes we wish to be achieved; and procurements last week said, “Today, only 30%, we estimate, of our projects and programmes are successful. Why that are much quicker. They tend to be very slow; they shouldn’t it be 90%?” You are producing a new are typically twice as long in this country as they are strategy and we welcome that, but why is this going in Germany. This is very costly. A supplier will tell to be different? This is another of a succession of you that bidding for a public-sector contract can cost attempts to reform IT procurement. What is different four times as much as bidding for an equivalent this time? private-sector contract, and this again excludes many Francis Maude: That is quite a big question, and I potentially competitive suppliers from the will start and Ian can pick it up. The projects have marketplace. We have a whole lot of things that we tended to be too big. That is partly a function of us hope will make this better. being a very centralised country, so a lot of the programmes for which Government IT projects are Q483 Chair: Is this a cultural change? needed are big national programmes, whereas most Francis Maude: I am always a bit sceptical about countries are more decentralised and dispersed. We trying to achieve cultural change. I think the thing to inherently have more big national programmes for do is try to change behaviour and, out of changed which IT projects are needed. That is the first thing. behaviour, a different culture emerges. The second thing is we tend arguably to be rather risk-averse in how we procure, and we have tended to Q484 Chair: You are looking for behavioural take the view that safety lies in big projects with very change. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Public Administration Committee: Evidence Ev 75
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore
Francis Maude: I am looking for us to do things Technology happens to be an enabler for that. When differently, for us not to be constantly reinventing. We you look at what we do every year, we do hundreds are not good in the public sector at reusing what has of projects extremely well. You never hear about them already been expensively built. and they work every day. You would know, because the country would cease to function if it did not have Q485 Chair: Minister, I am very sorry to point this all of this technology working. out, but your just-published document says, “Many of When we have the so-called IT project disasters, these actions represent not just technological change, nearly always they translate back to the sorts of things but changes to the operating culture of Government,” that the Minister was just talking about, which are an so you do like cultural change. over-ambitious project, too big a project, a policy that Francis Maude: Yes, I do like cultural change, but probably was not as well thought through at the time you do not achieve cultural change by trying to of announcement as it might have been, and an change the culture; you achieve it by changing attempt to bring in change on a national level to the behaviours, and the culture change follows from the scale and complexity that the Minister was referring behaviour change. to, usually on a single day via so-called big-bang implementation. All of those lessons, which have been Q486 Chair: We will come to the whole client-side well documented as the cause of the problems in this operation in Government later. Mr Watmore, if I may, area, generally track back to one of those three things: I should declare an interest: the co-chairman of Fujitsu policy problems, business change problems or Europe is a personal family friend. But I think you big-bang implementation. have a bit of history as well, haven’t you? Ian Watmore: I would like to think so. I worked in Q492 Chair: If I may—we will come to the other the IT industry for 24 years before joining the points you are raising—the track record of this, on the Government. evidence we have, is that local Government acquires its IT at about 50% of the cost of national Q487 Chair: You worked with? Government. Ian Watmore: With Accenture. Ian Watmore: I do not think you can make that comparison. Q488 Chair: Which is one of the biggest providers of IT to Government, one of the systems integrators. Q493 Chair: Why can we not make that comparison? Ian Watmore: From memory, I think it is about 18th What comparison have you made? out of the top 20. It is relatively smaller than, for Ian Watmore: Local Government does many more example, people like Fujitsu, which is much bigger. I smaller projects. did personally build some systems in the 1980s in an incredibly complicated environment—the old DSS, Q494 Chair: Is that not what you are suggesting we now DWP. should do? Francis Maude: Let Ian finish. Q489 Chair: Was that in Joe Harley’s 30% of Ian Watmore: The policy changes that we are successful projects? announcing, both in this strategy and more broadly in Ian Watmore: It will almost certainly have been, regard to this, say that in the early part of a policy because they are still running to this day and people change from Government, we now want people to rely on them every day for paying benefit payments. think through the implications of their delivery. If that requires an IT programme of many hundreds of Q490 Chair: The Child Support Agency system is millions or even billions, with a four- or five-year lead still running to this day, but it was a disaster. time before it is going live and with a big-bang Ian Watmore: I was not involved with the Child implementation, we will say no to that policy early Support Agency project, but the core benefit systems on. We have introduced the changes, in line with the that were introduced in the 1980s, when the welfare strategy of the Major Projects Authority, precisely to state was under huge stress and strain, were brought intercept those things right at the beginning. As the in in order to mitigate that, and it was a very Minister has rightly said, the Government’s intention successful project. here is to learn from what local Government and others have been doing, to break the very large Q491 Chair: The point is you come from exactly the national projects up into much smaller projects, so that large corporate culture that has bedevilled IT they can be individually procured in an easier way, procurement in Government. Are you part of the delivered with more rapidity and, importantly, cultural change that the Minister is looking for or are changed in the light of actual experience in the results. you just part of the problem? That is the changing direction that the Government is Ian Watmore: I am certainly not part of the problem, announcing today, and it is one I personally support. and I would contest that the corporate industry of this country has caused the problems that we have. In fact, Q495 Chair: This is the Cabinet Office taking I would contest the concept of an IT project. In my powers to stop things, but does the Cabinet Office mind, I do not know what that means. There are only have enough power to promote new initiatives, new projects that you introduce in Government to working practices, across Government, or is the introduce policy that Ministers have decreed or to notorious silo-working of Whitehall Departments still improve the operation of the system of Government. protected by the political and financial accountability cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 76 Public Administration Committee: Evidence
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore mechanisms, which would actually prevent the Q497 David Heyes: We know that the Prime Cabinet Office taking some of these initiatives into the Minister believes that there are too few suppliers heart of Government? getting the majority of contracts, but we have had Ian Watmore: I think it is a good challenge, conflicting evidence on that. Do you have any firm Chairman, and I will let the Minister talk about the figures on the proportion, the share of the market, ministerial side in a second, but what has been which goes to the biggest suppliers? essential is to have that ability to stop things. You get Francis Maude: The first point is the quality of our people’s attention when you have that control. We do central data is very poor. When we were renegotiating not want to sit around waiting for things to come up contracts last summer with the biggest suppliers, the so we can go, “Stop, stop, stop,” but the fact that it central data was woefully inadequate, and we only got exists means that people engage us much earlier and, the data in the first instance by asking the suppliers therefore, we can help shape what is going on. For themselves. The second thing is, in terms of the value example in Universal Credit, which is one that is very of contracts, you need to look into the supply chain topical, both the Minister and I have been actively as well, because there will be smaller suppliers that invited in by the Department for Work and Pensions, are supplying to Government, but more often as and they are formulating a project plan that is in line subcontractors. This is not always optimal, because with this new strategy. That probably would not have there will be margin on margin, so what the smaller happened in the past. suppliers get in those circumstances is more limited. We have said our ambition is that 25% by value of Q496 Chair: Certainly one of our SME witnesses Government contracts should be with small- and says that the key to cultural change is to turn off the medium-sized enterprises. It is going to be quite tough tap. Minister? to track that, but we have put a requirement on Francis Maude: I think that is right. Is the ability to Departments, agencies and public bodies to report on say “no” enough? It is a pretty good start actually. If that. you can stop people doing things wrong, you have Ian Watmore: Can I just give you a statistic that I some chance of encouraging them to do things right. think is accurate, and you can check it afterwards, if We do not want everything that gets done in it is not? The top-three companies in IT in the central Government to be centrally driven, but we do want to Government space are HP—it is the EDS contracts stop people and bits of Government doing things in acquired by Hewlett Packard that are HP—BT and the old outdated way that is part of the problem. The Fujitsu. Those three companies account for about moratorium that we established within days of the £5 billion a year of spend, and I think the total spend on IT in Government is about £15 billion or coalition Government being formed, so that no IT £16 billion, so about a third of the market is in the project with a value of more than £1 million went hands of three companies. But, as the Minister rightly ahead without my personal approval, did actually says, those three companies hold the prime contracts. institute a bit of a shockwave around the system. We The subcontracts underneath all of that then have have now raised that to £5 million, but we will still many dozens of suppliers. In fact, Fujitsu supply to exercise considerable control. HP and BT as well as having their own contracts, so Ian’s point is right. A lot of these problems arose it is a complicated landscape, but those are the three because there was insufficient pushback on policy. big companies for value. You would have Ministers announcing a policy and Francis Maude: We are expecting greater saying, this is gross simplification, “We must have an transparency over the subcontract arrangements. IT project to implement it,” and then lose interest, with senior officials often losing interest as well. No Q498 David Heyes: Despite the lack of data, there is one who was actually responsible for implementing a shared view that too few suppliers get too much of the wretched thing was feeling empowered to push the work, and something needs to be done about it. back to say, “Actually, if you do it this different way, What impact does that current market concentration you can slice the cost right down and take a lot of the have on the ability of the Government to get value for risk out.” I do not know whether it was a cultural money out of these contracts? thing or what it was, but you have to have the ability Francis Maude: It is a less competitive marketplace. to have pushback on policy. If you have procurements that take so long and cost One of the things I hope the departmental boards will so much, and the smaller suppliers just get frozen out do, and I have encouraged them to do, is exactly that to begin with so it is less competitive, you are less pushback. We have set up those boards in a stronger likely to have newer, more innovative suppliers, form, with ministerial leadership and very senior where there will be more risk involved for sure, non-execs. They are not there to define policy, but because we tend to like lots of track record. We are one of their functions will be to push back and say, changing the way procurements are done. The “Actually, in terms of delivery, this is not deliverable standard approach tended to be in pre-qualification in a rational way,” and force Ministers to think again, questionnaires, which could be incredibly lengthy and and hold senior officials and Ministers’ feet to the fire tiresome, and had to be done every time there was in terms of the deliverability of big programmes. an invitation to tender. They would tend to want, for Chair: You must forgive us: we want to get done by example, three years’ audited accounts. A new small 11.30. We have a lot to get through. If we can have supplier might not have any years’ audited accounts, answers as short as possible, but we want you to have and so would immediately be frozen out. We are your say. changing all that. We are actually saying, for lots of cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Public Administration Committee: Evidence Ev 77
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore procurement, you do not need to have a you might use in your daily work and compare that pre-qualification questionnaire at all. We want this to with other people, but there are not too many people be quicker, more open and more accessible. doing MOD-style systems or GCHQ-style systems, so There will still be lots of contracts that go to big the comparability is harder there. What we do find suppliers; there will be some things the scale of which when we do the comparison with the commodity-type is such you need a big supplier to do them, but it end is that there is great variability in Government. In should be much more open for innovative solutions. some cases in Government, they get great deals; in One of the things we are doing is to have, and I think other places, they have very poor deals. the first one is happening in April, a sort of Dragons’ Den event, where small suppliers are able to pitch to Q504 Chair: Mr Watmore, can we just crack this Government innovative ideas and different ways of one? How much of Government IT spend is really doing things, because often they find it difficult to get specialist? access into the system to pitch ideas. Ian Watmore: I do not have a precise statistic.
Q499 David Heyes: HP has told us, in contradiction Q505 Chair: It is a nonsense, isn’t it? Most to that, that they have met with the Cabinet Office, Government IT spend is on email, data. looked at margins and apparently assured you that Ian Watmore: No, the vast majority of the spend will they are not making any more profit. be on bespoke systems for Government. Francis Maude: They would say that, wouldn’t they? Q506 Chair: That is the problem, isn’t it? Q500 David Heyes: They would, but they say that Ian Watmore: That is the nature of Government you agree with them. Is that right? They told us that business. the Cabinet Office and the OGC had reviewed their margins, and accepted that there is no more profit in Q507 Chair: No, that is the nature of the way this than they would have made from comparable Government buys IT. business in the private sector. Is that the case? Ian Watmore: I do not think that is true. Francis Maude: I would be interested in the timescale Chair: How much needs to be specialised? you are talking about here. I am not aware of any Ian Watmore: That is not true—I am sorry—because endorsement of that nature. the vast majority of expenditure goes on areas like Ian Watmore: From personal memory, Government defence systems, social security systems, retirement business was, at a profitability level, out of the top-10 markets that one would cover in the private sector, pension systems. generally about the second or third worst from a profitability point of view. Q508 Chair: Defence systems might be special, but why are social security systems any more special than Q501 David Heyes: Isn’t this about more than a banking system or a fund management system? margins? Ian Watmore: Because Parliament has, over many Ian Watmore: What it was best at from a supplier years, legislated very complex legislation in order for point of view was longevity of contracts, and it is people to be in receipt of a retirement pension or an for the reasons that the Minister has just said. The income support benefit. The complexity of the procurement regime was such that, if you constantly legislation that has to be encoded in the system is re-procured, you would never get anything done. massively more complicated than anything equivalent People used to do a big procurement once, let a in the private sector. It is the complexity of those 10-year contract and then procure underneath that. systems and the scale—the fact you are doing them for 60 million people, for everybody in this country— Q502 Chair: It is a very lush secure cash flow for that makes them very complicated. underwriting all your overheads. All you asked was a factual question: the vast majority Ian Watmore: That is what I said: it is the trade-off of the spend does not go on email, basic between margin and longevity of contract. That is why communications and desktops. It goes on special people are in that business. In any marketplace, if you systems to implement Government policy. are covering the whole of the economy, you want a blend of market types. In Government business, it Q509 Chair: I am sure the politicians are to blame tends to be predictable revenues for the big companies in the end. at a lower margin. Ian Watmore: I did not say the politicians were to blame; I said it is a complex environment. Q503 David Heyes: This is about more than margins, Francis Maude: I think politicians are largely to isn’t it? It is about the whole question of the efficiency blame actually. I will make a couple of points. The of the way they do the work. What sort of first is it simply is the fact that a lot of this stuff is benchmarking evidence is there about the quality of more specialised. Banking is banking, and banks do the work, not just the profitability? things in different ways, for sure, but actually they are Ian Watmore: I personally think this is a really fertile doing something that is fundamentally the same. area to explore, because it is really hard to do direct There is only one benefit system in this country, and comparisons for the sorts of things that Government it is completely different in this country from anything does. You can do things on a very basic level, like the any other country does. You do need to have IT comparability of a desktop computer or laptop that systems that operate it that are fit to do it. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 78 Public Administration Committee: Evidence
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore
There is another point to make, and I think that part Q515 Paul Flynn: How does ministerial of what you are after is correct, which is that we are involvement help? not good at adapting—well, first of all, pushing back Francis Maude: I have good advice from people and on policy, so that, if you do it this way, there is already we apply some fairly robust common sense. If I see a a system around that has been expensively procured fourth project coming up from the Ministry of by the public sector, which will, by minimal Defence that looks remarkably like three others I have adaptation, do the job—actually saying, “Do it seen, we then say, “Actually, let’s pull all of these differently and we can provide the IT very quickly back together and do it differently.” It is the same with from, as it were, the app store, from inventory.” There the moratorium on advertising and marketing spend. is a real point there. One of the things we are adamant We have just found out a hell of a lot about what is about in the ICT strategy is we have to get much going on and been able to exert some discipline on it. better at reuse and adaptation of what we already Ian Watmore: If I could, Mr Flynn, the criteria we are have. One of the things we are saying, and we need using when judging a project are some of the well- to press ahead with this, is we need a proper known “common causes of failure” of a project. A comprehensive asset register, so we properly know very good one is, if the Government comes forward what it is we have. with a potential announcement that is going to require a massive change to the whole country on a single Q510 Chair: I would hazard a guess, and the day—the so-called big bang—that is something that evidence that we have received is, that at least 80% rings red alarm bells with us, and we would say you of what Government does is pretty common or need to think of a different way of implementing it garden stuff. because, if you go down that path, you will by Ian Watmore: I would contest that. definition have a fiasco on your hands. It is about how Chair: There is some that is very high security that you implement the policy as well as the nature and necessarily needs to be different. I am very interested the complexity of the policy. that you contest that, and I think that is an assumption The other thing the Minister has emphasised with that we need to explore further. which I could not agree more is the desire to reuse things from elsewhere in Government that are already Q511 Paul Flynn: I can recall a Government there. There are occasions when we see at the centre Minister saying that he was going to simplify the Department A coming along saying, “We need to do social security system and get rid of what he called this and this is what we would like to build,” and we the “twiddly bits”. That was Tony Newton in 1987. happen to know that Department B or C has already Your blame on the politicians is a nostra culpa,isit, done that. In the past, that information would not have rather than blaming any particular party? All been shared. We are trying to share that, so they can politicians have made the system too complex. pick something that is already working and reuse that. Francis Maude: Yes, absolutely. These are the kinds of things that we are looking to do as we go forward. Q512 Paul Flynn: Why is there a difference of £4 billion between what we think the Aspire Q516 Paul Flynn: programme will cost and what you think? The Institute for Government did System Error, Ian Watmore: I do not know. I do not know where a report, and they described some of the your figure comes from. I believe that the figure I typical failures of the past. They picked on the Prism quoted is the published figure of what is left to run on system, which was in the Foreign and Commonwealth that contract. It may be, since this has been running Office, and it was an attempt to take 30 existing for several years, that you have the total life-scale programmes that were running at the time and value of that contract. I think I am talking about what integrate them. They said, “In the FCO’s long history is left to spend, but maybe I have misremembered. of ineptly implemented IT initiatives, Prism is the most badly designed, ill-considered one of the lot.” Q513 Paul Flynn: The total might well be £8 billion. They said the staff were “at their wits’ end”. Is this Ian Watmore: From when it was originally let, which true and how do you avoid this in future? was three or four years ago. It is possible, but I am Ian Watmore: I have no personal knowledge of that remembering a number so we can check it afterwards. system so I could not comment, but I do know that the Foreign Office has a particular challenge, which is Q514 Paul Flynn: What criteria do you apply when something else that is special to Government, around you go through the contracts you see? Which ones do the security aspects of their IT. We are a target for you stop? Which ones do you throw out? What gives state-sponsored terrorists, hackers and criminals in a you an insight into this that was absent from your way that is disproportionate. They go after predecessors’ judgments? Government sites. When you are in something like the Francis Maude: What do you mean by which Foreign Office and you are operating in a different contracts we throw out? world, they have a real challenge on how to get highly Paul Flynn: You say you are looking at everything secure technology that is very usable by their people, that is worth more than £1 million, so how do you and the two are often in conflict. decide which ones should go ahead? Do you feel comfortable that you have total command of the Q517 Paul Flynn: Regardless of whether you technology? understand this system or not or know about it, the Francis Maude: No, not remotely. general criticism of the Institute for Government is cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Public Administration Committee: Evidence Ev 79
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore that there was nothing wrong with the technology; it Ian Watmore: I think we would say that the data that was just the way it was incompetently applied. we got was sufficiently poor that we could not be Ian Watmore: I think that agrees with my opening clear. remarks. It is very rare that the technology is the problem in these so-called IT problems. It is nearly Q522 Nick de Bois: You say you will press that. always the case that either the project management Ian Watmore: We are mandating, going forward, that has been done incorrectly or the policy ambition was that has to be clear, transparent and publicly available too ambitious. The reason why IT is the place where data. It would not surprise me if, in certain parts of it gets found out is because that is the place where all deals, there was a lot more than people think. Quite the codification of what has been decided finally often you find you have a big prime contractor here comes to fruition, and machines are pretty bad at buying a piece of major software from a major handling ambiguity. If there is ambiguity, you find it company here, which in turn then uses an SME out. That is why we often find these things go back to product down here, and so it is quite difficult to track project management or policy when we track them. through the supply chain.
Q518 Paul Flynn: When we get around to reading Q523 Nick de Bois: I appreciate that. You are going this precisely crafted document that you published into tier-three and tier-four supply chain there. Before yesterday, will we read in there how this will never we move on to the alternative of direct contracting happen again? with SMEs, we came across evidence, again from HP, Francis Maude: No one is remotely beginning to say that was very disturbing. I hope it is something that, it will never happen again. This is big difficult if you have not come across it, you will be able to territory, where actually we ought to be trying to do look at. On the whole, prime contractors enjoy things in new ways, periodically, and there will be risk reasonable cash flow payments in their contracts. That involved. We need to be much better at managing the is understandable but, by their own admission, these risk, more willing to take on risk and have much better are not being passed on to SMEs working directly on project management. Is everything going to be lovely those contracts. Have you come across evidence of and perfect from now on? No, certainly not. that, and is there anything you could reasonably do about that or may have taken steps to do already? Q519 Paul Flynn: We have been listening to these Francis Maude: Government pays its bills with kinds of assurances for many years. Nothing seems to unnatural speed, and so our cash flow management change. Are you convinced there will be some great from that point of view is very good in terms of renaissance in dealing with IT? providing liquidity into the economy. It is not Ian Watmore: The Minister has already introduced a necessarily so good in terms of our working capital change that has never happened before, which is this moratorium on projects. That gives us the ability to requirements. It is not uniformly the case that prime get in early enough. Without that, we could not do it contractors operate the same terms with their and, with it, we have a much better chance of learning subcontractors. the risk. Chair: The Minister has very skilfully removed the Q524 Chair: Can you make that a contractual rope from around his neck. obligation? Ian Watmore: I think we can and we will be going Q520 Nick de Bois: I would just like to touch on forward trying to ensure that cash flow flows through. SMEs, and in fact a very welcome aspect of your When I was a big supplier to the Government in the commitment to drive more business into SMEs. Can I 1980s, if my bill was paid in the same year that I just start trying to understand? Is your plan to issued it I felt pleasantly surprised. It was the worst encourage more direct contracting with SMEs, or is it payer of all. The Minister has just said exactly the to ensure that more prime contractors increase the right thing: it is now one of the best payers. The level of subcontracting to SMEs on those projects? reason it took that policy decision over a long period Ian Watmore: Both. of time was not to enable big companies to improve Francis Maude: Exactly: both. The former by their cash flow, but to get it through to the supply chunking projects up more, so you have smaller chain, where it was really needed. If it is not projects that are within the range of smaller suppliers, happening, we absolutely have to change that. If that but the latter as well, and to do it in a more transparent is contracting or transparency driven, it is something way. We want more visibility. When we were we are pushing on very hard. renegotiating with suppliers last summer, it emerged that we began to get a bit of a sense of what the Q525 Nick de Bois: That is welcome, because it is margin stacking is, where you have a big prime important as a lot of SMEs would not even consider contractor with subcontractors. bidding for work on unfavourable cash terms, because frankly there is no point in doing it. I was not Q521 Nick de Bois: There is some evidence we took comfortable; I admired the honesty of the submission from HP, who were here last week, which gave a but, if that is at all representative of the industry, rough order of merit that about 30% of their prime Government has a duty to do that. I just want to put contracts, they argued, were subcontracted to SMEs. that on the record. Do you agree with that from the work you did last Francis Maude: That is a really good point. summer? Ian Watmore: I think we would agree as well. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 80 Public Administration Committee: Evidence
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore
Q526 Nick de Bois: Turning to the idea of those three things will see SMEs expanding their role contracting directly with Government, it seems to me in this marketplace, and there may well be other ideas, you have a stated aim that contract sizes should be which we are very open to. reduced to allow this, but I think we are still talking about quite a large significant figure for contracts. Q528 Nick de Bois: One final question, if I may, Have you done any evidentiary work to establish what Chairman. Notwithstanding the steps you have our SME base in the UK—I suppose it should not outlined and your attempts to simplify the just be the UK—is conceivably capable of handling procurement procedure, which, frankly, having been in contract sizes? I realise that is a pretty general on the other end of it, I wish you well with—it is a question, but I do not suspect many SMEs will be big barrier to winning business from Government— bidding for £50 million contracts. I would like your what will your benchmarks be for success of having view on that and what steps you think you could take integrated more SME suppliers into the chain? Do you to improve that. have some benchmarks to say whether you feel you Francis Maude: The bar we chose was £100 million, have been successful or not? so a presumption against projects with a lifetime value Ian Watmore: The first thing is to get the baseline, of more than £100 million. Why £100 million? Well, what it is currently, and that is hard. it is a good round number that is a lot smaller than a lot of the projects at the moment and that, for a Q529 Nick de Bois: You are not sure what that is. multi-year project, is not beyond the means of Ian Watmore: No, but we are getting there as the new certainly quite a lot of UK-based medium-sized contracts are published. I would say a very simple enterprises. I do not think there is any particular magic benchmark is it has to grow each year, so let’s make in this. We do not want to have an incredibly elaborate it better than the previous year. The Government has system. What we want is to encourage a different an overall aspiration for 25% by value of contracts in mindset in the way in which Government thinks about general—that is not IT per se—to be with the SME IT projects. A presumption against big projects does sector. Until we have reached that, I do not think we not mean you can never do them, but it does mean will be stopping. the expectation is you will chunk them up more and probably do more integration in-house. Q530 Nick de Bois: Will you share those Ian Watmore: Can I give you three practical examples benchmarks? Will they be public or what is going to of where this will apply? One is in software. happen? Ian Watmore: Yes, one of our main themes is that Q527 Nick de Bois: Could I just pre-empt that? One making those transparent and publicly available thing you said, Minister, was about the size of the produces better data and reduces the sorts of pressure contract. Have you or would you undertake any you have alluded to. market examination to substantiate that in your mind, to put your mind at rest that that is the case? Q531 Chair: Before we move on to skills, one of Francis Maude: That going for those sorts of sizes the things you do with these very large contracts is will actually open it up? benchmark them to check that they are value for Nick de Bois: Yes, whether they are lifetime or— money, but you tend to benchmark against similar- Francis Maude: Certainly. We had a big event in sized companies doing similar-sized contracts. Surely early February at which the Prime Minister spoke. It we should be benchmarking against what the small- was not particularly IT-focused but a lot of it was and medium-sized enterprises could do. There are about IT. Certainly the reaction of the SME suppliers examples of where an SME can design a platform or there was extremely positive. an interface for a tiny fraction of what it would cost a Ian Watmore: I think a few practical examples will conventional large company to do. help. The first is on software. It is possible for an Ian Watmore: The whole topic of benchmarking in IT innovative new company that has produced a new is complex. With some things it is very easy; it is piece of software to take on a relatively large contract, commodity based. The problem you get into is how because the software itself is expandable to take that you benchmark building the retirement pension on. That is one very good area. system of this country. It is about as complicated as it The second area is in commodities. For example, a lot gets. If we are to have a single system doing of the IT spend at the small end of the scale goes on retirement pensions, there is no benchmark, so you try laptops and things of that ilk. Quite often that is to find surrogate benchmarks. There has been a whole bundled up today with the big contracts. It will be a load of evidence; function points was one that was Fujitsu laptop because Fujitsu has the rest of the used for years. People used to try to compare how business. We are trying to un-bundle those so that a much their price per function point was. different range of providers can come in and pitch for those. Q532 Chair: Do you understand how absolutely The third is on the IT services end where, if we let maddeningly frustrating it must be to be in a small contracts at below £100,000 for the individual service business and see very large amounts of money being contract, through the new rules we have introduced spent, when you know in your business that you could we make the procurement much easier, which should do it for a fraction of the cost, but you cannot get a then incentivise the procurer to do more of those types look in? of procurements, because it is much easier for them Ian Watmore: You believe you could. I think the to do the physical procurement. The combination of answer I gave to the previous question remains the cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Public Administration Committee: Evidence Ev 81
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore same: we want to open up the market by having for a single contract, which is why the temptation is smaller, more deliverable procurements to enable to go for larger contracts and suppliers. these sorts of companies to show what they can do Ian Watmore: Absolutely. and grow from that. At the moment, they are locked out. Q540 Chair: Don’t we actually have to press for deregulation of the contracting process and a change Q533 Chair: My comments about your own to the European Directive? background were not gratuitous. Do you not need Francis Maude: Yes, we are doing. some of these terrorists and insurgents of the industry Chair: That is very good news. working in your office, working for you, and then Francis Maude: We have also massively stripped working among the small- and medium-sized sector? down the way in which we apply it—not so much the Ian Watmore: Absolutely and we do. legal framework, because I am reasonably confident, although if anyone has views to the contrary I will Q534 Chair: How many people do you have from definitely listen to them, that we have not gold-plated SMEs in your Department? the European Directives in our own law. What we Ian Watmore: We first of all took on in January a guy have done in terms of the guidance that goes out is called Stephen Allott, who we call the Crown massively embellished this. There are 6,000 pages of Commercial Representative but could probably be guidance that went out from the Office of Government paraphrased as the SME Tsar, to take a view on SME Commerce on big IT procurements. procurement across the regime. He personally comes Chair: I am going to stop you there. I would like from a high-tech background. something in writing on this. I think it is a very important aspect, but we must move on. Q535 Chair: That is one. How many others? Francis Maude: One very senior. Q541 Kelvin Hopkins: Following the Chairman’s Ian Watmore: To give it the pivotal link, we are theme and the comment you have already made, recruiting somebody at the moment to come in and Minister, about the Government not being an lead on our digital world. We are recruiting somebody intelligent customer, it is evident that there has been a else to lead on the future of ICT. We are almost complete failure to be an intelligent customer over a certainly going to be taking those people from the prolonged period, and that is one of the main types of background that you seek, and we also criticisms that has been made during the course of our network very closely with representatives of the SME inquiry. Is that not a fair criticism and something that environment. With the thing that the Minister referred is still lacking? to a few minutes ago, we had 50 SMEs in the room. Francis Maude: We are not nearly as good as we should be. There has been a tendency for IT to be completely outsourced. This is much more Ian’s Q536 Chair: You have about three people from the territory and he understands it properly; I am an SME sector working for you. amateur. I have a sense that, when you outsource IT Ian Watmore: Three leadership roles. We have dozens in the quite comprehensive way that some big bits of of people who have come from the SME sector Government have, what tends to happen is either an delivering product or working on the team, but the assumption that we have outsourced, so that is fine, critical thing is to have people in leadership positions complete and we do not need to worry about it, or who come from that background. we retain a massive amount of in-house capability to Francis Maude: And who know the market, who monitor and man-mark what is being done by the know the supplier base and are out and about looking outsourced provider. for new suppliers with new ideas and new ways of One provider told us that they had 2,500 people doing things. That is part of making us, as working on the outsourced provision but there were Government, a more intelligent and informed 4,000 people in-house monitoring them, which is customer. insane. What you need is to have a small but very capable in-house CIO-type capability, which can scan Q537 Chair: I have to say I have far more confidence the market and see what is available. Ideally you have in SMEs getting access to Government business if not put everything out to one system integrator/ Government will deal directly with SMEs, rather than provider, so that you have more competitive tension relying on the large customers. in how you are procuring your IT services and Ian Watmore: I think we have said it is going to be projects. We have not yet got that balance right, and both. that is a big part of what we are aiming to accomplish.
Q538 Chair: In order to do that, there is a whole Q542 Kelvin Hopkins: To make any market other aspect here. Public contracting is necessarily meaningful, the purchaser must have a high degree of bureaucratic; it is highly regulated. It is even regulated power. If the provider has all the power, it does not by European Directive. operate as a market. HMRC in the 1990s apparently Francis Maude: It is completely regulated by outsourced everything—they gave everything away— European Directive. That is where it is regulated. and retained almost nothing internally with which to manage these very wealthy and powerful companies. Q539 Chair: That means it is very difficult to Obviously their job is to make profit and do well, and manage a very large number of tenders, for example, they saw a patsy—an easy win for them. You say a cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 82 Public Administration Committee: Evidence
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore small disciplined team, but has that actually Q545 Kelvin Hopkins: In future you will not have happened? the situation identified by Joe Harley of the DWP that Ian Watmore: What the Minister said was exactly only 30% of contracts are successful and 70% are what I was going to say. We have either abdicated, clearly failures. Will that be better in future? giving it all away, or we have retained an army, which Ian Watmore: As I said earlier, the whole regime of has just added to cost and bureaucracy on both sides, project success has to be improved, which involves and the skill is to have something in between—the getting in earlier to ensure the project is well defined smaller intelligent group that can procure and manage at the beginning, when often it isn’t. a contract in partnership, and hold them to account Francis Maude: And improving our project when they need to, but help them fix things when they management capability, which is a much broader thing need to as well. That is a rare skill set. We have been than just IT, but tends to come to the fore in relation buying it in. Some of the people who are the CIOs of to IT. Government Departments were some of the very best people from the private sector. About half the CIOs Q546 Kelvin Hopkins: One final question: is it not from the last three or four years came directly from difficult to combine what I call the public service the private sector and were really top players. ethos with commercial concerns? I am prejudiced in We have also been trying to grow it from the ground favour of the career civil servant, whose loyalty is up. Six or seven years ago, we introduced a seen to be to the state—as is typical in France— technology fast-stream element for those people who together with the skills, so that they are really looking wish to come in from the university sector but after the public interest. specialise in this territory. I gave a presentation to Ian Watmore: The public service at large is very them very recently, and it is great to see them all lucky to have people with that public service ethos. I beginning to emerge now. It takes time to grow your think we have fantastic people and, right across the own. There is a mixture of buying in expertise, spectrum, those people are procuring things from the growing our own, and trying to get something small private sector—buildings, weaponry in the Ministry of and fit for purpose around the intelligent customer Defence and IT. Therefore, what we need are people function to avoid those two traps. with the public service ethos who have good commercial and commissioning skills, so that they can engage with the marketplace as appropriate, and IT is Q543 Kelvin Hopkins: Is there not a case for a big, no exception to that. powerful, in-house, publicly accountable group, Francis Maude: We do not take the view that whose loyalty is to Government, to the public purse mankind falls into two distinct parts, one of which is and to us, as those who use the public services? Is people with a public service ethos and the other of there not a case for building and keeping a centralised which is wholly commercial. We think it is possible facility, not just in the silos for each Department, but for people to be more complex than that. a centralised one that can say to Government Departments, “Do not deal with them”? Q547 Chair: I mentioned the client side earlier. Mr Ian Watmore: We do have both. Watmore, how many people are working on procuring Francis Maude: There is a case not for a big powerful IT across Government on the client side, as one would one but a small powerful group, which is what we put it? have to some extent, but are developing. Ian Watmore: I do not have an accurate figure in my head, but my memory was, if you include local Q544 Kelvin Hopkins: One more concern I have as Government, the NHS and the wider public sector as well is loyalty. With this free flow of people between well, we think there are somewhere between 40,000 the private and public sectors, people are constantly and 50,000 people on the Government side of the looking for promotion and advancement. If they see world. This includes hundreds of organisations. their future in the private sector after they have done a job for central Government, is their loyalty to be Q548 Chair: In terms of Whitehall, there must be questioned in some sense? They are IT experts; they 5,000 or 6,000 people in leadership roles. are not public servants, first and foremost. Ian Watmore: Yes, I would have thought it was Ian Watmore: We have business appointments rules something like that. that stop that, but actually what I find is that most people who come to our side of the table—i.e. the Q549 Chair: Shouldn’t there be an audit of this Government side of the table—stay there because they capability? Shouldn’t you get a grip on this? find the complexity and interest of the work to their Ian Watmore: The capability is led by the CIO liking. We do not have that flip-flopping. We are a net community that we have just talked about. We have importer of good talent from the private sector at the been bringing in expert CIOs from outside. We have moment. The only exporting we tend to do is when been growing the capability from within and doing we outsource a whole team of people to the private capability reviews right across the Whitehall estate. sector. We have been putting volume resources over the last two or three decades out, but trying to recruit Q550 Chair: But you do not know how many people back in some of the more highly skilled resources to you have. be able to fulfil the function. That is obviously never Ian Watmore: I do not personally here, but people do perfect, and it is work in progress, but it is what we know. I just do not have the figure in my head at are trying to do. the moment. cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Public Administration Committee: Evidence Ev 83
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore
Q551 Chair: Could you roughly summarise? Francis Maude: Yes. Ian Watmore: They are not my people, you see. They Ian Watmore: Or worse, in my opinion, people think belong to the Departments. They are in a cadre of they need to have a piece of technology to make their people and they do multiple roles. They do IT-related policy or their projects sound sexy. They have to be roles but they also tend to be the people who run the able to wave or show something around. Therefore, overall change programmes as well, because that is you either have technology not thought about or where the best project managers tend to come from. thought about in the wrong way right at the beginning. They have a broader role. We do not narrowly define Those two things are very often the case. somebody as IT or not. Francis Maude: They have tended to want an advertising campaign as well, which we have Q552 Chair: It would seem to me there are perhaps stopped too. five categories of activity they are undertaking. One is on the commercial side negotiating and managing Q556 Lindsay Roy: We know the extent to which contracts. One is about technical advice. One is about you are trying to make progress. To what extent is managing the projects themselves. There must be there still a dependency culture—in other words, an quite a lot of people who actually manage over-reliance on the technical expertise of the information, and then there is security. What sort of companies making the bids? cross-governmental training programmes do you have Ian Watmore: There is less of an over-reliance on the in order to ensure there is a cross-governmental technical expertise, because we can match that, but understanding of how these capabilities are meant to there is a real challenge in any organisation—and be working? Government is no different but we have it Ian Watmore: I think each of those areas has its own particularly—in what we call the legacy world. In capability development training programme of the other words, this is all the stuff we have, like the stuff type that I talked about—a mixture of bringing people I was talking about at the beginning, which I coded in in and training them up. the 1980s with my colleagues. It is still running and difficult to replace. It is like the airlines and banks; at Q553 Chair: That is run centrally, is it? the heart of their systems they still have technology Ian Watmore: It is usually driven out centrally then that is very old. We have a big dependency on that. executed in each of the Departments. For example, Therefore, in the case I was just talking about, that all when I came in, in 2004, I went with the professions, used to be ICL equipment and would now be Fujitsu the British Computer Society, etc, and the e-skills equipment. We are still dependent on that. It is less body, the Sector Skills Council for IT, and we looked about technical expertise and more about the legacy at one framework that goes by the acronym of SFIA, technology. which is Skills Framework in the Information Age, The Institute for Government report, which I liked, which was a single skills framework that we wanted which came out recently, talked about the idea of to apply. platform. What they meant by that was understanding there is this legacy world, but putting a wrapper Q554 Chair: What people say about that is that you around it so it sits there and whirs away untouched in have no power of direction to ensure there is the background, and then you build new stuff on this cross-governmental coherence. It is still left in silos. side of the wrapper. That is a very clever and smart Do you not need more of a business plan for way for us to be thinking about things in future. developing these skills across Government? Francis Maude: That is a very good question. As Q557 Lindsay Roy: What you are telling us is that always within Government, there is a tension between one of the key changes is that IT considerations will what you delegate and what you lead centrally. Over be viewed in a similar way to financial or legal the last year, since the Coalition Government was implications, and treated in the same way during their formed, we have tightened the central control of the development process. Would that be an accurate heads of profession-type role, and it had got very lax reflection? indeed so that, typically, heads of profession did not Ian Watmore: I absolutely think that delivery of the even know to the nearest thousand how many people policy, in all its guises, should be thought about right there were in their professional stream across central at the beginning when you are making policy, and Government. That is not good enough; it needs delivery includes technology, organisational change, stronger central leadership. This is a classic corporate people and the other things as well. I absolutely agree. head office function. It does not mean you want to do Francis Maude: As we move towards public services it all from the centre in the centre, but you do need being delivered much more online, following Martha leadership from the centre. Lane Fox’s excellent report, what has happened in the Chair: I will stop, because we must press on, but I past is that not very good processes that have been feel a recommendation coming on. designed to deliver complicated policy tend to get Francis Maude: One to which I feel a positive automated, which leads to a lot of complexity in the response coming as well. technology. The key insight Martha Lane Fox had in her report was that you need to use automation and Q555 Lindsay Roy: Evidence from witnesses the move to online delivery to force redesign of the indicates that too often IT has been an afterthought. Is process from the outside in. The Chief Executive of that a fair reflection? one Government agency said to me a few months ago, Ian Watmore: Yes. “Of course, we need to educate the public to use our cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 84 Public Administration Committee: Evidence
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore service properly.” I said, “I think you have that the function it is, whether it is IT, finance, HR or wrong way around actually. I think we need to educate something, everybody wants to have their person on ourselves to provide our service in a way that the the board, and the view of departmental leads was that public do not need to be educated about it.” Amazon the boards would become overly big and complex. did not get where they were by saying, “We have to The only Departments that have CIOs on the board educate the public to use our service.” They did it by are those for whom IT is so massive. That tends to be having an offering that was irresistible, irresistibly DWP, HMRC and maybe the MOD; I cannot easy to use and then constantly developing it. We have remember. The rest have it at one level below board to change our own mindsets and behaviours. level. What we do is bring them together into the cross-government CIO council and, through Francis Q558 Lindsay Roy: How are you doing that, because and me, we can get interaction in to the permanent it is a means to an end? [Interruption.] secretary and ministerial teams. Chair: Order. Can someone kill the phone please or leave the room immediately? Carry on. Q561 Lindsay Roy: In effect, there is greater Lindsay Roy: It is a means to an end. How are you joined-up working. ensuring that progress is being made with the service Ian Watmore: Yes. requirements that drive IT? Francis Maude: It is not perfect yet. Ian Watmore: I am sorry; I lost the train of that Ian Watmore: The people are generally one notch question. Could you repeat it? closer towards it all. Lindsay Roy: How do you ensure the service Francis Maude: The only other point I would make requirements that drive IT? You were making the on CIOs being on the departmental board is that the point earlier. danger of it is that people say, “He or she is doing the Ian Watmore: Again, the Minister’s point is a huge technology. None of us needs to worry about the IT one, which we should develop, which is how we use projects.” Actually Ministers need to be taking an the world of the internet to deliver public services to interest in big projects generally, including IT the public. There are two fundamental changes. One projects, and so do permanent secretaries. I do not is that we can do things online that, in the past, think they have in the past to nearly a great enough required the public to interact with a clerk in an office. extent, so someone down there in the bowels of the Now they can do it directly. Equally importantly, we organisation will deal with it. That is not good do not need to do it ourselves in Government. If we enough. make the information and rules available, whole Lindsay Roy: It can also lead to a silo mentality. marketplaces develop on the other side of the divide. Francis Maude: Yes, absolutely. A great example of that is from talking to Mumsnet, the network of single mothers. They do not want us Q562 Chair: Can I just return to the question of to provide services; they want us to give them our commoditisation? Mr Watmore, how many contracts data so that they can provide services. If we can do do you think are out there where a new forms engine more of that, not only will it be easier for us on this is being written for the Government? side of the table to do the work but it will actually Ian Watmore: I do not know; I would imagine a create much better public service outcomes. That large number. comes from the internet’s availability, which of course was not there 20 years ago. Q563 Chair: Why does the Government need any more than one standard forms engine? Q559 Lindsay Roy: To what extent have you been Ian Watmore: This is part of the point the Minister involved in market and customer research in this area? was making about trying to understand what assets, Ian Watmore: Hugely. Martha Lane Fox has done a things like a forms engine, we already have, and whole report on the subject for us, which is therefore mandating/encouraging their reuse. Probably evidence-based, from all her work as the digital the example you use is that every different bit of champion for Government Race Online 2012. With Government thinks, “I have a form that needs filling our own Directgov website, which five or six years in. I will develop my own.” What we need to be ago did not exist but now has over 30 million people moving to is to say, “I need a forms engine. We using it every month, we have a lot of feedback on already have one of those, so I will use that one.” how that is working and how people are using it. We are beginning to use the technology that exists—I do Q564 Chair: DVLA has a very capable forms not think we use it as much as we could—to monitor engine. They have a capable payment system. people’s behaviour in the way they use the online Obviously rules engines need to be bespoke. Should world. That is informing us as well. There is a lot of there be more than one authentication gateway for change in this territory and it is very fertile ground for members of the public? the future. Francis Maude: That is a good question. We have a project exactly on identity assurance because, if we Q560 Lindsay Roy: Finally, IT considerations are at want to drive service delivery online, one of the key a premium, yet we are not sure how many CIOs are things is having a reliable way for people to have their on departmental boards. Can you enlighten us on that, identity assured, which is not a kind of national because they seem to have a key role? database. There is a very good project under way. Ian Watmore: This has been the source of some Ian Watmore: What we are trying to do there is to controversy over many years because, whichever reuse what the marketplace is already doing. Rather cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Public Administration Committee: Evidence Ev 85
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore than build a Government version of that, if the banks Ian Watmore: Absolutely, but at the guts of it will be already have a good reusable ID assurance platform, something that is bespoke, because it is Universal why would we not use that to be the trusted access to Credit. I do not think we are disagreeing; it is just that our world? The strategy that the Minister refers to you cannot just commoditise the whole of actually involves us not building our own thing but Government IT. You can make big progress from reusing market-based solutions that already exist on where we are, but you are going to hit a place where the other side of the wall, as I have described it. the bespoke nature still exists.
Q565 Chair: This is the kind of cross-governmental Q570 Chair: The concept should be that the commoditisation that the Cabinet Office needs to Government has a warehouse of data and functions, drive. but why do we not let Tesco, Barclays Bank, Amazon Ian Watmore: Exactly. As it happens, that particular and all these other people provide the interface with topic is one I personally chaired because it is so the customer? You are more or less suggesting it. Go important, so I agree with you. through your bank account to access your benefits or taxes. Q566 Chair: How does this square with your Francis Maude: Access for what purposes? comment that so much of what Government does is Ian Watmore: That would be to authenticate that you unique? are Bernard Jenkin, and you should then access Ian Watmore: I mentioned the cost. directly your tax records, which should be very secure Chair: It just has to be expensive. and privacy should be maintained, and your medical Ian Watmore: No, I am just saying that you asked records, and it should be you and you alone. where the money went. You said 80% of the money went on commodities, and I said it does not; it goes Q571 Chair: on the bespoke aspects of Government. I trust my bank with my bank details. Chair: The point I was making is that there is too Why should I not trust my bank with my tax details? much bespoke. If we are going to use real-time information from the Ian Watmore: The more you can commoditise stuff payroll, that is all in the private sector. That is run by in the way you have described, and the more you can a company called VocaLink, which we visited. They then let the market work in the way we were have all that data; it is perfectly secure. discussing earlier, not only do you have a cheaper Francis Maude: Famous last words. solution but a better solution. Commoditisation, to use Ian Watmore: I can imagine that perhaps a few a dreadful word of the English language, needs to members around this Committee would contest that build on the things you have just been talking about. putting people’s tax records in the hands of Where we end up, where the volume of the cost will Lloyds TSB would be the right way forward. The always fall will always be in those areas of a bespoke bottom line that I think we are saying is that there are nature. If we cannot eliminate those bespoke pieces of certain things that Government has to and should do, Government, and I am sceptical about how far we will and there is a lot more that can be done in the get with that—there is a lot of progress we can make marketplace. Finding the right balance is our but we will not get to the end—then we will still be collective job. At the moment, we are probably doing talking about that element dominating the cost, too much for ourselves and not enough in the because bespoke is more expensive than commodity, marketplace. by definition. Francis Maude: We can push back on how much Q572 Chair: Government is not immune to losing needs to be bespoke. I think your point is absolutely hard drives, as we have discovered in the past. correct. Ian Watmore: It is not, and neither are banks. Q567 Chair: The bits that need to be bespoke are the Q573 Chair: What the public want is control over bits the Russians want to look at that we do not want their own data. them to see. Ian Watmore: That is what I was just saying, I think. Francis Maude: That is not quite right. Ian Watmore: No, it is not. Francis Maude: There is not an off-the-shelf system Q574 Chair: As long as they know where it is and to deliver Universal Credit. who is keeping it, perhaps they should be allowed to choose who keeps their data. Q568 Chair: That is the rules engine, but we could Ian Watmore: That may be. use the same forms engine. We could use the same payments engine. Q575 Chair: As long as the Government has access Ian Watmore: Better still, we could not have a form to it when it needs it. and do it online. Ian Watmore: The critical point about data is that we Chair: That is what I mean. should secure the data from the onslaught of the Ian Watmore: That is what Universal Credit is. hacker and the terrorist, while enabling it for people online. That is the trade-off for which we are always Q569 Chair: There could be common components to trying to find the right balance. It is very easy to open Universal Credit, HMRC and DVLA. up data, but it is very hard to open it up securely. We Francis Maude: That is absolutely right. are trying to find that balance. cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 86 Public Administration Committee: Evidence
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore
Q576 Chair: Moving on to Open Source and Open developers and say, “This is the problem we want to Standards, is this not another area that the Cabinet crack. Come back and give us your solutions to how Office needs to be able to mandate? When a we crack it, rather than build our own.” There is quite Department comes to a project and puts it in front of a strong trend in that direction. the Cabinet Office, you need to say, “No, this is going to be Open Source” or “This is going to be agile. This Q577 Chair: Is this push for Open Source and Open is the way you are going to do it.” Standards going to be a bit more successful than in Francis Maude: I will let Ian talk about the Open the past? Your previous head of the CTO Council was Source part of it. One of the things we have done, and Mr Open Source in Government, and when he left he I am not sure we have yet got it right, is establish a went to join Microsoft, which is hardly the shrine of sort of “Government’s works”, so that a small group Open Source software. of people will look at a proposition, test it, see if there Ian Watmore: I could not possibly comment. is a cheap and cheerful way of doing it and provide the challenge function early on. On Open Source, Ian Q578 Chair: Did he really believe in what he was can talk about that. doing? On Open Standards, my conclusion is that lots of Ian Watmore: I have no idea who you are talking people mean different things by Open Standards, and about, so I will ask him or her when I find out who there is often a completely sterile debate, because two it is. sides of the debate are talking about something completely different. There are loads of open Q579 Chair: Who is driving this in your Department international standards out there. What we need to do, now? Are they people from the Open Source to pick up your point, is to have a relatively small community? number, and we are consulting on this at the moment, Ian Watmore: We have mandated this in the strategy of standards that are mandated. For me they are we have just put out there. That strategy has been around two things. One is interoperability, signed up to by every Government Department. connectivity, so you do not have anymore what tended to be the case in the past: lots of different systems Q580 Chair: I am asking about the people. Who are being procured around Government that will not talk they? Are they from the Open Source community? Do to each other. That has been a massive problem and they believe in this new way of doing things, or are we need to be absolutely Stalinist about that: you can they just part of the old industry that is saying, “Oh, do what you like as long as it will communicate. Open Source is very fashionable. Let’s all say ‘Open Mandatory on connectivity or interoperability, but also Source’, but we don’t really mean it,” which seems to pretty mandatory about security—I mean protection of have been happening since 2004? privacy and security—without being so oppressively Ian Watmore: I do not think that is quite fair, because secure that the systems become unusable, which has people in Government are always looking for the been known to happen. best solution. Ian Watmore: I think you will find the strategy we have published today is promoting all three of the Q581 Chair: I am sure they are but, if they are the phrases that were used, agile, Open Source and Open wrong people, if they do not come from that culture— Standards, very strongly. They are all different. We Ian Watmore: There are strengths and weaknesses have just heard about Open Standards. Agile is a with Open Source software. It is not a panacea. method; it is a way of developing systems. We have Chair: I know it is not a panacea. taken that on board, as the best practice that seems to Ian Watmore: For example, our friends in be out there at the moment is to chop up these very Cheltenham will show you how they can hack into it large systems into very small bite-size chunks and very easily. When we are using products in the very introduce each one of those into your usable world secure world, we have to— incrementally. I went up to see the Universal Credit programme in Warrington the other day, and that is Q582 Chair: Of course, but we agree that that is precisely what they are doing. Instead of waiting for quite a small proportion of what you do. three years to develop the whole Universal Credit Ian Watmore: One of the most public state-sponsored programme, they are actually chopping it up into lots terrorist things was when people, and I will not say in of little bits and using the agile method to bring that which country, exploited a bug in Microsoft Word, on stream one piece at a time. which happened to be applied to somebody right on Open Source is another area we are very strongly in the outskirts of the Government network and it favour of. Government has always been quite a leader burrowed its way in to find its way to the heart of in this territory around the world. The whole UNIX something very secure. All I am making is the point world emerged as a reaction against IBM in the 1980s, that, while all of these things are very useful, they are when there was only one big platform on which you not a panacea. People also expect their technology to could build anything, which was IBM. People created work reliably. I personally would like to see people different operating systems, clubbed together and move off Microsoft products on to Open Source or made UNIX. The world moved on to that. We are use Apple technology. I use Apple at home; it is not increasingly in a territory where much of the software very open but I use it. I love it; I think it works; and we would like to use is freely available on the internet. it is great. I am Steve Jobs’s best customer, but 95% Rather than build our own, let’s use freely available of the business and Government world still uses Open Source software. Better still, let’s license out to Microsoft for its basic desktop products, because it is cobber Pack: U PL: COE1 [O] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Public Administration Committee: Evidence Ev 87
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore reliable and it works. I think we in Government have have all your data held in the cloud by Apple, and it an opportunity to change that game quite dramatically, syncs up with all your devices, so your iPhone, iPad, particularly on desktop technology, by making greater laptop or whatever. You can see your contacts, emails use of open products, and that is what we would like and so on. It is physically held in the cloud, and it is to push through. the cloud that gives you access. That is a remote storage route. That is where Government, like all the Q583 Chair: I am delighted to hear that, but would IT industry, is headed. not this change of culture that the strategy says we A very good example of that came recently. You may want be helped by recruiting people into your remember the police crime data, which was put up so Department who come from the community of people you could suddenly see on a website how many that believe in Open Source software and Open crimes had been committed in your backyard. That Standards? was about two months ago, and there was a huge news Ian Watmore: I think I have said we are doing that in spread about that. a variety of ways. Q588 Chair: There was an interesting story about Q584 Chair: You do not have anybody yet. that, wasn’t there? Ian Watmore: No, I think we have loads of technical Ian Watmore: There were several. Which one did you architect people inside Government Departments. have in mind? Chair: Loads? Ian Watmore: Yes, absolutely. Q589 Chair: Some people thought that the Government should simply make the data available Q585 Chair: Is that 8 or 50? and allow Google or someone to get hold of it and Ian Watmore: Loads is a very precise term, in the interpret it. Instead I think we spent £180,000 style of the Minister’s long word that I cannot developing our own presentational engine in remember either. What was that again? Government. Isn’t that the kind of expenditure that is Francis Maude: Lapidary. completely unnecessary? Ian Watmore: Lapidary, yes. Loads is not a lapidary Francis Maude: It is a perfectly proper debate. In the word, clearly. whole area of open data, what do we do with the data before we release it? The key thing we need to do is Q586 Chair: Perhaps you can follow up with a note make sure the data is machine-readable and usable. on this. Some of the financial data, the COINS database, is Ian Watmore: Loads could be better defined, I agree not particularly; it is deeply impenetrable, but a new but, when I go around Government Departments scheme is being produced. Just to say the data is all visiting their IT departments, I meet with people from you need to put out there is not sufficient. Certainly a whole variety of backgrounds—small companies, my transparency board, which contains serious experts open environments, as well as lifelong civil servants in this territory—Tim Berners-Lee, Nigel Shadbolt and big integrator types. It is what we have. We have and Rufus Pollock—is quite fierce about what we do a collage of people. and do not do. I do not think that anyone seriously says we did too much. If we got that crime data out Q587 Chair: Finally on the G-Cloud, can you just there for £180,000, that is pretty damn good, I think. explain to the Committee what your objective with the Ian Watmore: There have been tens of millions of hits G-Cloud actually is? on that data. There is a whole slew of these kinds of Francis Maude: Lots of people, again, mean different industry types now picking up on that data and things by G-Cloud. Let me tell you what I think and providing interesting public services. Ian could probably correct me when I get it wrong. Chair: I think it is an excellent initiative. Ian Watmore: Probably not. Ian Watmore: The reason I introduced it is that in this Francis Maude: The first thing that the G-Cloud is, case—and I may have got the details wrong—we used actually, is a very basic thing. It is consolidating and Amazon to be the place where this data was physically reducing our data centre estate, which is massive and stored. We knew we were going to get a surge of massively underused. The first thing you should do is millions of people and, therefore, we wanted to use be saying across Government you may not just have something that was used to that volume of computing. your own silo data centre; we are going to crunch The cloud has many ends and purposes. It is where down what the estate looks like and ensure that it is the industry is going and we are no different from that. much more intensively used. The second thing is the app store, the reuse—I mean Q590 Chair: So you are not trying to create a knowing what we have, what there is and making it Government-owned cloud? easier for what has already been bought and invested Ian Watmore: Not in the way that I think you mean. in to be adapted and reused in other parts, certainly of We are looking to people using cloud-computing central Government but then in the wider public techniques increasingly and, where appropriate, the sector. I think that is the outer limit of my knowledge marketplace, and that starts with our own background on this. of data centres, which we need to consolidate and Ian Watmore: The whole direction of the IT industry secure to turn them into a more accessible is moving towards cloud computing. That is what we environment. are all doing in our personal lives. If you happen to Chair: I think we have had a very interesting session. be, like me, an Apple MobileMe user, you in effect Do any colleagues have any future questions? cobber Pack: U PL: COE1 [E] Processed: [26-07-2011 10:28] Job: 010970 Unit: PG05 Source: /MILES/PKU/INPUT/010970/010970_o005_michelle_PASC corrected transcript 30 March HC 715v.xml
Ev 88 Public Administration Committee: Evidence
30 March 2011 Rt Hon. Francis Maude MP and Ian Watmore
Q591 Kelvin Hopkins: I just have one small many people’s heart-rending cases. People have been question at the end. To deviate, dissenting slightly underpaid or overpaid. They may suddenly get a from what the Chairman was saying earlier, the thrust demand for £4,000 by next week or the bailiffs are of all my questioning has been about the need to round. I am going to be mildly partisan about this. develop stronger, more powerful, more effective This was a dogmatic view by the Chancellor at the in-house capacity to deal with the market. The idea time, who said, “This is what we are going to have. that bankers should somehow have a big role in all Do not bother me with the detail; just go and do it.” of this strikes horror into me. Bankers have shown It was a disaster that has caused misery for hundreds themselves to be unprincipled, money-grabbing and and thousands of people. not competent. They have brought us to the brink of Kelvin Hopkins: Now you are in power you can catastrophe. I would like to think that Government change it. would not be like that. The question is: would that kind of outsourcing also undermine public Q593 Chair: Thank you very much indeed. I have accountability, which has been fundamental in one very last question on behalf of the House Government? When I ask a question of a Minister, I authorities. You may be aware that the Administration do not want the Minister to come back, written or oral, Committee in this House has been working out how saying, “We are not going to be responsible for this we can electronically table our questions to anymore.” I want the Minister to give an answer. Departments, but it does require a very small Francis Maude: It is a fair question. You are reverting investment by each Government Department in the to the issue we were discussing about identity machinery at their end. There seem to be all sorts of assurance and tax records. Certainly as far as identify obstacles in the path of this. We are talking about assurance is concerned, if there are other organisations £20,000 per Department. Do not ask me why we are out there, which may be public or private sector, that not just doing it on email for free. I wonder whether are highly motivated to be good at checking that you I could leave this with you, because we could save a are who you say you are, then we should not be great deal of money across the public sector if we reinventing the wheel. This is our point. Plenty of data could table and answer all Parliamentary Questions out there can be matched and brought together electronically. Are you aware of this? instantaneously for the purposes of assuring your Ian Watmore: The inner workings of Parliament IT identity, and is then dispersed. That is fine; I do not have been jealously kept away from any hands of the think anyone should have any worries about that. Your Civil Service or the Cabinet Office. It is seen to be question about whether we should be asking other part of its independence. private-sector organisations to hold sensitive personal data is a very good question. Q594 Chair: Do you want somebody to come and Ian Watmore: What I was trying to say earlier was I see you about it? think that is a political subject. All politicians in the Ian Watmore: If they wish to formally request past, of all persuasions, have been clear to me that tax something, I am sure we would look upon it records should be held by the state on behalf of the favourably. citizen. If there is a political shift to that, then we can start to look at different options, but that has never Q595 Chair: Are you aware of the effort to try to really been an issue in the past. automate? Ian Watmore: I am aware of lots of efforts to Q592 Kelvin Hopkins: One very small separate modernise the workings of Parliament with question again: you mentioned a number of times, and technology, including using iPads in the Chamber. I agree, that often it is the policy at the beginning of the show that causes the problems. Had you been Q596 Chair: This is about interfacing with advising the Government, would you have said, Government Departments. “Whatever you do, do not give credits to HMRC”? Ian Watmore: I understand that and there have been Put the issuing of credits or benefits with DWP, which many examples of that in the past, which have all is where they belong, and then you can integrate the ended in tears as well. I would be happy to get whole lot into the Universal Credit and not have four somebody to talk to whoever is working on it. separate organisations that deliver benefits or credits, or collect money from people. We have local Q597 Chair: May I ask the relevant Clerk if he will Government, Work and Pensions, HMRC and the send you a short note, if you could deal with it? Child Support Agency, which is separate again. If all Ian Watmore: Absolutely, we will get the right people that was dealt with by one Government Department, to talk to each other. would it not solve a lot of problems? Chair: Thank you. Thank you very much indeed. Francis Maude: I have yet to find anybody who That was a very interesting session, and we wish you believes that the introduction of tax credits was an well with the challenges you have. unqualified success. All of us as MPs have heard so Public Administration Committee: Evidence Ev 89
Written evidence
Written evidence submitted by Westminster City Council 1. Good Governance: The Effective Use of IT 1.1 Westminster City Council welcomes this inquiry into the way government develops IT policy and the strategy for implementation. Our start point is that both of these should not be limited to central government, as has been the case to date. Public service delivery spans local and central government, health, criminal justice and the voluntary sector and IT can be a core enabler but is often the blocker for successful and cost effective provision. Spend on ICT in the public is higher than it should be because procurement takes too long, too many instances of the same thing are bought, provision is too territorial, we do not engage effectively with the marketplace and we do not include technology as an integral part of transforming services often enough. 1.2 The UK is thought of as a leader in ICT adoption and use by other countries but they are catching up and will soon leave us behind if we do not keep pace with the seismic changes in the ICT marketplace through the move to cloud based managed services. In this age of austerity, we will need to embrace shared services and use ICT to make it possible, not entrench existing systems and structures further by cutting necessary investment and sweating legacy assets.
2. Q1: How well is technology policy co-ordinated across Government? 2.1 In my experience, whilst government is very good at defining technology policies it is not effective at ensuring it is implemented. Significant examples include data and interoperability standards, where policies were established and frameworks produced for adherence to those polices during 2001 to 2004, yet here we are with many interpretations of location mapping (especially addressing) and an ongoing headache with data compatibility between different line of business systems. The failure here sits squarely with a) internal compliance with data standards and b) acceptance of interoperability standards by systems providers. 2.2 A further area of disconnect is that between the various public sector realms of central government, local government, health and criminal justice. Whilst central government looks inwardly on many policies there is an expectation that the other sectors will comply with the demands placed on them. The best example of this has been the long running saga around Codes of Connection between various public sector ICT domains. Much of the compliance has been, and continues to be, based on high levels of security for handling restricted data and the technical standards have been based around network connectivity. The vast majority of public sector data is not highly classified and the material that is almost always resides in specific business applications where security has been set to meet compliance levels, rather than the entire network used by a public sector entity. This approach has generated significant cost over the last 3 years which could have been avoided if policies and standards had been developed in conjunction with the whole of the Public Sector.
3. Q2: How effective are its governance arrangements 3.1 Effectiveness has been very limited, evidenced by continued project failures and disjointed decisions on major ICT investment decisions. These are disjointed on two levels: the first is by continuing with national infrastructure decisions being made at individual central government departmental level, missing opportunities to realize savings through convergence and consolidation. The second is by not having a strong enough link to the desired business outcome through the operational or policy lead responsible. Too often IT is viewed as a dark art or worse still something that will just deliver without needing to engage with the deliverers. Project sponsors should not be IT professionals. They need to be the outcome owner in totality with recognition that IT is just part of the puzzle. 3.2 The most recent example of this behavior is the government’s reaction to radical changes in the IT commercial landscape: the move to “Cloud computing” solutions. The government’s reaction to this has been dominated by the drive to establish the “G-Cloud” and a government Applications Store. Why try to replicate what the commercial market is already doing, especially given that much of government’s ICT provision is outsourced albeit through contracts that locked in legacy proprietary platforms and systems? Surely a more practical and lower cost approach would be to embrace the commercial shift and seek to use government buying power to maximize pricing on those new platforms? Security can be overlayed to address government concerns and resilience would be improved by moving away from dedicated government systems to much larger ubiquitous services. The question of geographical location, often quoted as one of the blockers to adopting commercial cloud offerings, is solely based on the fact that as long as public sector ICT remains internal to organizations the business case to build or adopt commercial offerings in the UK is undermined. In fact the UK is an attractive location for cloud hosting given its climate, political stability, network capability, global location, technical expertise and security. Government could be a catalyst for growth for that whole industry here.
4. Q3: Have past lessons from NAO and OGC reviews been learnt and applied 4.1 This is patchy and the fact that we return to the same lessons around focus on outcome, ownership, leadership, financial management and supplier management tells us that cultural change around decision making Ev 90 Public Administration Committee: Evidence
and project management in relation to IT investments remains the same as it was over 20 years ago—left to technologists and put at arm’s length by the very businesses it is there to deliver for. That said there have been noticeable successes: vehicle excise duty online, census data (in recent years) and even some of the NPfIT projects, especially where clinicians were actively engaged. 4.2 Perhaps a new approach would be to examine why projects succeed and use those lessons to improve skills and governance?
5. Q4: How well is IT used in the design, delivery and improvement of public services 5.1 The relatively high costs of public sector IT in this space can be put down to the following issues: — Long and complex procurement timelines, often much slower than the pace of technology change. — Project management focused on activities and deliverables against the original plan which may not stay aligned with changing business needs. — Dogmatic purchaser/provider relationships built around a point in time contract rather than a shared understanding of the outcomes. — Closed markets with few suppliers offering outdated solutions. — Disconnect between technology delivery and business need. 5.2 All this can be resolved by the public sector becoming more agile, staying focused on what will come out of the end of a project and making sure that it remains relevant.
6. Q5: What role should IT play in a post bureaucratic age? 6.1 IT remains critical to the ability for the public sector to share information, move to self service, protect the now considerable digital assets we are responsible for and help services transform safely and effectively. It must not do this in isolation though. IT must also integrate with information governance to ensure both are developed and deployed in a way that protects the individual. Business leads must lead on outcomes and engage with IT towards a common goal, not leave the techies to come up with the IT answers. 6.2 The evidence of where this is successful rests in the adoption of mobile technologies by retail and other services across the private sector. Rapid development and deployment of web services for mobile devices are critical to gaining market share and essential for retained customer loyalty. The latter applies equally to the public sector, just renamed customer service. For these applications to succeed the whole supply chain is affected, from point of sale through to fulfillment. Therefore business leads, support engages and IT becomes the enabler and is integral to the project, not left to one side to come up with the answers.
7. Q6: What skills does government have and what are those it must develop in order to acquire IT capability 7.1 Government is not short of technicians. It is short of people who can define a business outcome and understand how IT can help enable it. On project and programme management, there is no shortage of PRINCE2 trained people but there is a shortage of project sponsors who are confident and competent enough to lead a change programme, with IT in it, through to delivery of what needs to change. Also lacking is strong commercial skills in managing supplier delivery and ensuring costs remain competitive and good value for live operational systems. It is here where costs remain static or even creep up through alleged inflationary pressures (odd in an industry where costs are constantly driven downwards by productisation and volume growth). Perhaps the greatest driver for increased cost and the risk of failure is the lack of understanding around the impact of legislative change on IT systems demands for new provision and upgrades. 7.2 The evidence base for these skills shortages is overwhelming: NPfIT and its ongoing relevance to a changing health industry and service; social care systems across the country being constantly revamped at significant cost thanks to regular legislative change; housing benefits systems across the country being changed annually due to procedural changes; RPI increases as standard in many ICT contracts; the ContactPoint and Identity management projects.
8. Q7: How well do current procurement policies and practices work? 8.1 In short, they work very badly. EU IT procurement often takes two years or more from start to finish, against an industry where solutions and products operate on a complete refresh and upgrade cycle of less than a year! The marketplace is also dominated by a small number of suppliers, in turn further dominated by an even smaller group in specific segments (health and social care, environment, tax and benefits, libraries and leisure, corporate systems, planning and education). This is not unique to the UK, with many European countries suffering the same stale market conditions. This stifles innovation and drives up cost at the expense of the buyer and end user. Changes under way in the IT industry do however provide scope to disrupt the current market through the adoption of total managed services, as those providers move to integrated people and technology based provision. This means the public sector will need to move away from buying IT in isolation and instead include it in more comprehensive service procurements and ongoing service provision. Public Administration Committee: Evidence Ev 91
8.2 Another area for improvement would be the establishment and adoption of more market specific framework agreements for services, enabling fewer procurement exercises and speeding up the timeline between specification and award.
9. Q8: What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT? 9.1 We need to own very little. Government does need to retain key skills around: — Technical design, to understand how information and transactional services are operating and to ensure they remain legally compliant around information management, financial control, investigation and access. — Security and configuration management for the same reason. — Service delivery management to ensure good value is delivered and competition remains healthy. — Strategic thinking, to understand the opportunities technology can offer and how they translate to the business of public service. 9.2 There will be areas of government where security considerations will necessitate retention of some assets but these are relatively small. The fact is that much of government’s ICT is already in the commercial environment, just not optimized for cost or delivery.
10. Q9: How will public sector IT adapt to the new “age of austerity” 10.1 There are two ways this can go: (a) Organisations will cut back their IT spend on business applications and core provision, not renewing existing systems and sweating the assets. Business change projects will struggle to secure invest to save funding where IT is concerned (typically the invest part) and as a result organizations will find it harder to enact change to deliver efficiencies, instead choosing to cut services. (b) Public sector bodies will adopt shared services as the way to deliver savings through economies of scale and increased standardization. IT will be able to drive out some of those economies of scale but the real benefit will be in adoption of data standards and reduced customization of business systems, both areas where IT costs often double on projects. 10.2 The first will deliver some savings in IT but limit wider opportunities. The second will deliver considerably more savings in IT as well as enabling organisations to yield structural savings.
11. Q10: How well does government take advantage of new technological developments and external expertise? 11.1 Much of government’s technology implementation is about two years behind where the industry is. The reasons are: — The public sector needs to be able to engage with suppliers more openly than at present. Much has been said about establishing a “skunkworks” approach and it has merit, but only if it is sponsored and run by the supply side with clearly defined ground rules for public sector interaction. This will protect companies’ interest in being able to bid for subsequent public sector work based on collaborative development activity, something that is largely prevented by the fear of exclusion by perceived unfair advantage. — Procurement rules drive timelines which are much longer than the refresh rate of technology itself, so by the time a solution is implemented it has been succeeded by newer versions. Framework agreements can alleviate this. — Overly prescriptive security conditions limit adoption of newer technologies and limit data exchange. More proactive engagement with industry and greater adoption of risk based security can alleviate this.
12. Q11: How appropriate is the Government’s existing approach to information security, information assurance and privacy? 12.1 The expectation of government and the wider public sector is to protect citizen data and there is no room for compromise on this. That said, many of government’s security standards are excessive, the Code of Connection process and the Government Gateway being the best examples of security excess over usability and interoperability. There is a need to separate national defence/military demands from civil administration around security which may help to bring a more practical perspective to what is needed in the latter’s case. 12.2 Another change needed is a move to adoption of best practice around risk based security management. This is beginning to happen but there is an ongoing conflict between central government compliance standards based on hard wired solutions and risk based compliance which concentrates on policies, procedures and people. Ev 92 Public Administration Committee: Evidence
13. Q12: How well does the UK compare to other countries with regard to government procurement and application of systems
13.1 The UK is certainly considered as a leader is some areas of ICT: the extent to which we outsource is much greater than that of the rest of Europe; our willingness to adopt new technologies around web services; our recent drive to take out cost as part of the austerity agenda; and our focus on information assurance.
13.2 Our approach on procurement and provisioning of ICT seems to be behind others. In Australia and elsewhere in the Asia Pacific region many governments have established arm’s length or joint venture organisations for the provisioning of ICT across government, either nationally or regionally. Many of these vehicles have been used in place of full outsourcing and they are able to bridge the purchaser/provider gap effectively around innovation.
13.3 The problem with closed markets and limited supply is universal, in part driven by the public sector in most countries electing to build purpose specific systems rather than adopting modular commercial products, although the move to ICT as a commodity through cloud services is already disrupting the market positively.
13.4 Security restrictions and lock-in around legacy systems are both universal problems for government. January 2011
Written evidence submitted by Cloud Industry Forum
About the Cloud Industry Forum
The Cloud Industry Forum was established in 2009 to provide transparency through certification to a Code of Practice for credible online Cloud service providers and to assist end users in determining core information necessary to enable them to adopt these services.
Our Mission
The Cloud Industry Forum (CIF), is a company limited by guarantee, and is an industry body that champions and advocates the adoption and use of Cloud-based services by businesses and individuals.
We use our resources to support a credible and certifiable Code of Practice that provides transparency of Cloud services such that consumers can have clarity and confidence in their choice of provider.
Our ambition is to bring business consumers and suppliers of Cloud Services closer together in a trusted and sustainable marketplace.
Cloud Computing—Capex Free IT on Demand
Driving consumption-based and shared delivery IT models in the age of austerity: “Access to the networked resources provided by ‘clouds’ enables companies to enter markets without having to meet the capital costs of building their own computer infrastructure. What they get instead is a sort of ‘pay as you go’ service tailored to their specific requirements.” “This is especially significant today, at a time when we are seeing an explosion in the number of portable devices with limited storage capacity. Access to clouds enables them to transcend that limitation and provide a level of functionality which would normally be associated with much larger machines.” “It is in all of our interests to turn this vision into reality. But let us not under-estimate the challenges.” “First, there must be a step change in the co-operation between industry, consumers, and governments to ensure individual privacy: data security: and confidence in the remote storage of critical information. It is no good, for example, in the European Union—as they propose—deciding on data protection rules that might prevent citizens from accessing the service they want just because this might involve data transfers outside of Europe.” “Second, we need to address the public policy issues in particular those which relate to trans-national cloud computing. There is a real example to clarify which jurisdiction applies to the stored data. Here we will need both vision and an acceptance that the old certainty of knowing where data is stored may have passed.” Ed Vaizey MP Minister for Culture, Communications and Creative Industries BIS-SCIO INTERNET FORUM 22 November 2010 Public Administration Committee: Evidence Ev 93
Summary — The evidence submitted in this paper is designed to address the issues raised in questions 5, 8 and 9. — Chancellor of the Exchequer George Osborne announced that the coalition government would be cutting £95 million from public sector IT spending this year. — He also implemented a freeze on ICT projects valued at £1 million or more and scrapped Becta, the non-departmental agency tasked with promoting government use of IT. — However IT remains an essential vehicle for the efficient delivery of services to the public. What we are seeing with the immediate reduction announced in May 2010 and the subsequent squeeze in the Budget has been a dramatic impasse in the IT procurement landscape in the public sector. — Whilst these spending cuts may at first seem concerning for public sector IT chiefs and IT suppliers, we are confident that the advance of cloud computing (the delivery of online, secure, scalable and resilient IT services on a pay-as-you-use basis) will be a tremendous enabler to ensure that required IT solutions can still be implemented but without the significant capital costs associated with the more traditional “on-premise” supply models. — Local and central government have more technical delivery options available to them today than in years gone by, and as such the thoughtful application of cloud based services offer a credible and viable way to save costs and improve the way IT is procured and delivered. There is no doubt that the financial constraints imposed today will give added impetus to the adoption of Cloud based computing services and advance the delivery of the Government Cloud (G-Cloud). — The role of the Cloud will be crucial where departments that either don’t have solutions in place yet, or need to upgrade their infrastructure, will need to make decisions on the basis of what will drive efficiency and optimise their IT expenditure.
1. Cloud Computing—A transformational technology 1.1 The Cloud Industry delivers cloud computing services and is defined as follows by ISO/IEC JTC 1 N9687 Report on Cloud Computing: Cloud computing provides the IT infrastructure and environment to develop/host/run services and applications, on demand, with pay-as-you-go pricing, as a service. It also provides resource and services to store data and run applications, in devices, anytime, anywhere, as a service. 1.2 Cloud computing therefore is a style of computing whose foundation is the delivery of services, software and processing capacity using private or public networks. 1.3 The focus of cloud computing is the user experience, and the essence is to decouple the delivery of computing services from the underlying technology. Beyond the user interface, the technology behind the cloud remains invisible to the user, making cloud computing incredibly user-friendly. 1.4 Cloud computing is an emerging approach to shared infrastructure in which large pools of systems are linked together in private or public networks to provide IT services. The need for such environments is fuelled by dramatic growth in connected devices, real-time data streams, virtualization and the adoption of service- oriented architectures and Web 2.0 applications, such as mashups, open collaboration, social networking and mobile commerce.
2. Customer Benefits 2.1 Cloud computing is widely expected to transform the way IT capacity and capability is delivered over the coming years due to its highly economical pay-as-you-consume business model. 2.2 No longer is IT adoption the privilege of the wealthiest companies or public sector bodies but it is both affordable and more resilient than many services can be delivered internally. 2.3 The customer benefits of Cloud Services typically get grouped into three areas:
Financial — Shift from capex investment to opex. — Pay only for what you use. — Lower and predictable operating costs. — Matching costs to operational demand.
Managerial — Reduced IT Management overheads. — Faster deployment. — Higher Reliability and fault-tolerance. — Scalability to ensure resources are available as needed. Ev 94 Public Administration Committee: Evidence
Workforce collaboration and productivity — Enhanced Service Levels. — Internet enabled. — Anywhere access. — Resilient infrastructure = less downtime.
3. Market size 3.1. According to recent findings by research firm IDC, cloud IT services are currently worth £10.7 billion globally and is estimated to grow to around £27 billion by 2013. These are staggering predictions and something for the industry and general UK economy to be excited about. The economic and innovation implications are profound for businesses adopting cloud solutions as it reduces the barriers to entry for small and mid-sized companies to have a world class agile and secure infrastructure without the capital expenditure traditionally required.
4. Challenges confronting Government data centres 4.1 Ballooning labour costs—IT budgets are increasingly strained by the rising cost of personnel required to maintain and manage the data centre. Administration costs for servers have spiked by 400% since 1996 and now comprise the single largest cost within the data centre. (source IDC) 4.2 Sky-high energy consumption—Power and cooling costs for data centres have skyrocketed by 800% since 1996, and the escalating costs see no end in sight, yet data center resources have low utilisation (many below 20%). 4.3 Growing Demands from users—Today’s on-demand society assumes nearly universal access to real-time data and analytics in a resilient, secure environment. Anything short of that standard is unacceptable. These demands are being driven by a proliferation of data sources, mobile devices, radio frequency identification systems, unified communications, Web 2.0 services and technologies such as mashups. These rising expectations are also creating demands of data centres that IT administrators are challenged to satisfy. 4.4 Chaotic data silos—Too often, today’s data centre is a haphazard collection of multiple hardware systems, operating systems and applications that have accumulated over a period of years in response to the demands of various internal business units. These disparate systems grew without an enterprise approach to the data centre that was based on a common set of goals and standards. Instead, the systems were often dedicated to meeting the specific needs of a single business unit or process function without a view toward interoperability with the rest of the data centre or the needs of other parts of the organisation. Often, the result was a data centre with multiple versions of databases, operating systems and hardware from a variety of vendors. This environment can easily result in thousands of different system images in a data centre. This high degree of complexity not only greatly increases the number of dedicated technical staff needed to troubleshoot issues—it also heightens the risk of service outages. 4.5 Exponential growth in data volume—The proliferation of devices, compliance, improved systems performance, online commerce and increased replication to secondary or backup sites is contributing to an annual doubling of the amount of information transmitted over the Internet, according to market researcher IDC. The world’s information, the raw material for databases, is projected to double every 11 hours by this year. 4.6 A key goal of the G-Cloud initiative is to facilitate the reduction in the number of Government data centers.
5. Innovation, flexibility and cost control in the post bureaucratic age 5.1 The hidden cost in responding to these challenges is lost innovation. Having to spend much of their day fixing problems prevents IT professionals from devoting the time and resources to development activities that could truly promote innovation and tap the potential of IT. 5.2 To move forward, one must begin to look differently at how the delivery of cloud can help drive innovation. Government IT executives must reposition themselves as leaders who can bring their organisations to new levels of performance and efficiency through IT while also focusing on improving service, reducing costs and managing growing risks in an ever-connected world. 5.3 Cloud computing liberates organisations to deliver IT services as never before. Cloud enables the dynamic availability of IT applications and infrastructure, regardless of location or scale. 5.4 More rapid service delivery results from the ability to orchestrate the tasks to create, configure, provision and add computing power in support of IT and business services much more quickly than would be possible with today’s public sector computing infrastructure and delivery models. 5.5 Enhanced service delivery reinforces efforts for customer and voter satisfaction, faster time to market and information management and service management initiatives, which also support your service delivery initiatives. Public Administration Committee: Evidence Ev 95
5.6 Cloud computing also promotes IT optimisation so that IT resources are configured for maximum cost- benefit. 5.7 This is possible because cloud computing supports massive scalability to meet periods of demand while avoiding extended periods of under- utilised IT capacity. With the click of a mouse, services can be quickly expanded or contracted without requiring overhauls to the core data centre. 5.8 The benefits include lower cost of ownership, which is an essential prerequisite of the age of austerity, enabling you to more easily reinvest in your infrastructure and answer the question, “How do I do more with fewer resources?” 5.9 Cloud computing fosters public sector innovation by enabling organisations to explore quickly and cost effectively the potential of new, IT-enabled business enhancements that can grow with unprecedented scale. 5.10 Not only does cloud computing deliver a lower cost base and greater return on IT spending, but it also promotes more efficient and effective use of technical staff. IT labour costs alone represent as much as 70% of an IT operating budget. With its highly autonomic character, cloud computing eliminates much of the time traditionally required to requisition and provision IT resources. 5.11 Cloud computing also yields significant cost savings in the real estate required for the data centre as well as power and cooling costs. Thanks to virtualisation and the cloud’s capability of tapping resources (either through a private cloud or tapping publicly available cloud resources), data centres can rein in the relentless pressure to expand their physical footprint. That space savings translate into reduced energy consumption, an important consideration in light of the fact that power and cooling costs for data centres have risen eight-fold over the past 12 years (Virtualization 2.0: The Next Phase in Customer Adoption. Doc. 204904 DC, Dec. 2006). Cloud services by nature can be delivered as a service and need not be implemented in the Governments current data centres, whilst still leaving full management and control with the public Sector IT executives. 5.12 Studies have documented that cloud computing can save 80% on floor space and 60% on power, while tripling asset utilisation (http://www-03.ibm.com/systems/resources/systems_optimizeit_datacenter_pdf_ NEDC_ POV_MAR_2008_-_02.pdf) January 2011
Written evidence submitted by British Computer Society (BCS) BCS, The Chartered Institute for IT The Institute promotes wider social and economic progress through the advancement of information technology science and practice. We bring together industry, academics, practitioners and government to share knowledge, promote new thinking, inform the design of new curricula, shape public policy and inform the public. As the professional membership and accreditation body for IT, we serve over 70,000 members including practitioners, businesses, academics and students, in the UK and internationally. We deliver a range of professional development tools for practitioners and employees. A leading IT qualification body, we offer a range of widely recognised professional and end-user qualifications. www.bcs.org
Summary of Main Points 1. Government technology policy can only be effectively implemented and the benefit realised through collaboration with the private sector and academia. Key success factors include the definition of core standards which will underpin sharing and re-use of information and all aspects of IT and information management. 2. A centralised fiscal and managerial authority over cross-cutting programmes, together with centralised technical leadership are the principle keys to effective governance arrangements. The governance and management of all projects need to be raised to the level of the best, with the SRO role being embedded more comprehensively and universally in government managerial practice. 3. To adapt to the environment of austerity, implementing new IT (e.g. to redesign existing systems) is necessary and will require investment. For IT implementation to be effective, it must be owned by the organisational executive and be seen as a business change programme supported by technology. 4. In a “post-bureaucratic age”, IT’s role is one that underpins and enables efficient delivery of public services. 5. We welcome the important developments in the public sector towards professionalising IT such as the widespread adoption of SFIA in defining skills and roles. With the reduced use of external IT specialists and in some cases it has been drastic, we recommend that departments strive to retain an in-house core of IT Ev 96 Public Administration Committee: Evidence
specialists and a managed approach to outsourcing, to avoid projects failing due to diminished IT awareness and capability. 6. The Government needs to maintain an awareness of new technological developments and contemporary business practices and skills to ensure a more effective exploitation of its investment in IT. 7. We acknowledge that the Government’s approach to information security and information assurance has improved significantly over the last decade and policy is more pragmatic and generally understood by users. However, we recommend that the Government adopt a more proactive and holistic approach in all areas of information security; in particular, in the area of privacy where appropriate governance should have a sense of a formal, clear and joined-up strategy.
Consultation Questions 1. How well is technology policy co-ordinated across Government? 1.1 The UK Government published “Transformational Government—Enabled by Technology” in November 2005 as the foundation for the implementation of change across the public sector. In January 2010 the Cabinet Office launched the “The Government ICT Strategy”, the strategy claims to be smarter, cheaper and greener founded on open source, open standards and re-use, for delivering the strategy for a more co-ordinated approach to IT policy. This strategy can only be effectively implemented and the benefit realised through collaboration with the private sector and academia. 1.2 The Institute would welcome the opportunity to contribute to this work before policies and implementation are finally agreed. Key success factors include the definition of core standards which will underpin sharing and re-use of information and all aspects of IT and information management. The Institute has significant expertise and intellectual resources to contribute to the agreement of standards. The appropriate use of open standards should be an integral element of the standards and policies. Given the wide range of activities across the public sector, care must be taken not to over-centralise while avoiding “reinvention of the wheel” which has undoubtedly taken place many times across government in the past.
2. How effective are its governance arrangements? 2.1 Accountability resides primarily at the departmental level in government, and we recognise that IT governance in major departments is generally well established. However, for activities which span sectors or other groupings of departments, the position is less well developed and with a few notable exceptions has not generally been effective. The lack of centralised fiscal and managerial authority over cross cutting programmes, together with absence of centralised technical leadership is the principle impediments to success.
3. Have past lessons from NAO and OGC (Office of Government Commerce) reviews about unsuccessful IT programmes been learnt and applied? 3.1 Senior level engagement in IT-enabled projects has improved significantly in recent years, with the importance of the SRO (Senior Risk Owner) role being recognised and implemented to various degrees. The Institute believes this trend needs to be embedded more comprehensively and universally in government managerial practice. The recent NAO report on projects recognised various improvements in the delivery of projects but again we believe that the governance and management of all projects needs to be raised to the level of the best, which is a prodigious task. 3.2 Analysis has consistently demonstrated that IT-enabled project failures are frequently caused by over- ambitious and unnecessary centralization and excessive adherence to detailed and unique specifications. In addition the need to adhere to historical contract specifications, eg LSP (local service provider) contracts, impedes competition where product improvement is driven by specification rather than market innovation.
4. How well is IT used in the design, delivery and improvement of public services? 4.1 There are examples in public service where IT is used well, these include the HMRC and the DVLA online services which deliver excellent citizen-focus online services. The National Programme for IT and Directgov.uk have replaced a previously chaotic system of delivery into a robust infrastructure which provides world leadership in the development of standards. 4.2 However, in the present regime of cost-cutting throughout the public sector the Government will be forced to adopt different ways for the use and application of systems at the local level, which will involve focusing on the redesign of information technology implementation, making the most of what is already in place. This may entail internal investment to realise benefits from existing systems. Government leadership needs to step away from the outdated idea that IT is expensive and difficult and recognise that efficient and improved delivery of public services cannot happen without investment. It is a recognised feature of IT implementation in all industries that the computerising of outdated procedures is likely to make them more expensive rather than less. Implementing new IT must be owned by the organisational executive and be seen as a business change programme supported by technology. Public Administration Committee: Evidence Ev 97
5. What role should IT play in a “post-bureaucratic age”? 5.1 IT is central to the effective delivery of modern administration. In a “post-bureaucratic age”, we should not lose sight of the business objectives and not become obsessed by the technical detail of the process. This key question must be at the centre of all future IT-enabled change to achieve the business benefit required.
6. What skills does Government have and what are those it must develop in order to acquire IT capability? 6.1 The Institute acknowledges the work done by the government IT Profession Board in driving important developments including the widespread adoption of SFIA for the definition of skills both for roles and individuals; the establishment of a Technology in Business fast stream for IT professionals; and a recent recommendation that all departments should define a set of senior IT roles for which appropriate qualifications should be mandated. Some departments have gone further in encouraging all IT professionals to obtain qualifications and memberships appropriate to their specialism and level. We believe this represents a good start on the way towards professionalising IT in government, and we would welcome the opportunity to work closer with government in the further development of IT skills, development and professionalism. 6.2 However, departments generally do not have the overall IT skills capability or capacity to meet their sometimes ambitious portfolios of change, and have often become over-dependent on the external marketplace. This situation has been exacerbated by the high degree of outsourcing of IT services, which makes it more difficult to develop and maintain the required level of client-side IT skills. Recent cost-cutting exercises have reduced, in some cases drastically, the use of external IT specialists but this has happened so quickly that there is a real risk of projects failing due to lack of IT capability. We believe that a more managed and balanced approach to the use of the external marketplace is required while departments work hard to increase their in- house capability.
7. How well do current procurement policies and practices work? 7.1 Current government procurement is clumsy, inefficient and plays to the very large systems integrators. Factors contributing to the inefficiency are as follows: 7.2 Excessive detail in specification and compliance management. Government should procure on the basis of the business benefit required and let suppliers propose innovative solutions which are likely to be more cost effective. This will require a different attitude and skill set in HMG procurement and a different approach to OJEU (Official Journal of the European Union: http://www.ojec.com/) interpretation and compliance. 7.2 Policies and practices across the public sector are frequently not written in plain language and vary fundamentally in approaches, leading to a poor understanding of requirements. Often outdated, complicated procurement policies and practices have led to the difficulties in procuring software, a main factor in causing IT projects to fail due to late deliveries and over budgeting. The difficulty in procuring software to government requirements in turn stifles competition and innovation. 7.4 The current lack of a best practice model to control delivery of software to time and budget means that keeping track of the unit costs of bought-in software, and the judging of value for money, will not have been embedded at a similar pace into the working culture of government departments. 7.5 To enable procurement policies and practices to work well, we recommend incorporating the following, in line with COSMIC’s recommendations:1 — Measurements of the amount of software required and delivered so that unit costs can be measured. — A common repository of unit costs and other performance data from all public sector software- intensive IT projects which can be used to share experience and to support contract negotiations with IT suppliers. — Processes by which customers can exploit the data to control and improve value for money and the delivery of new systems to time and budget.
8. What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT? 8.1 The Government must own and control data and make certain that it is safely held and used responsibly. It must similarly ensure that the applications processing the data are trustworthy. Apart from the ownership and control of data, the Government do not need to own any assets or infrastructure.
9. How will public sector IT adapt to the new “age of austerity”? 9.1 Proper management of public sector IT will be cost effective together with the recommendations mentioned in 4.2. 1 Quote from Charles Symons, COSMIC, response submitted dated 11 Jan 2011. Ev 98 Public Administration Committee: Evidence
10. How well does Government take advantage of new technological developments and external expertise? 10.1 In some cases very well as mentioned in 4.1 where developments are well designed and follow industry best practice and de facto standards. 10.2 There have also been cases where the Government had not taken advantage of external expertise. For example, no action was seen to be taken on southernSCOPE,2 a project management method for procuring software, proven to cut the average budget over-run to less than 10% and provide software value-for-money within the top 25% of industry best practice (extracted from COSMIC findings).
11. How appropriate is the Government’s existing approach to information security, information assurance and privacy? 11.1 The Government’s approach to information security and information assurance has improved significantly over the last 10 years. Policy is more pragmatic and generally understood by users. However, the one failing is that policy is not mandated and this has resulted in serious breaches in recent times as seen in the case of the HMRC data loss. Senior Risk Owners (SROs) have been appointed in government departments thus ensuring that the subjects have full visibility at senior level. It is understood that a minister from each government department is being nominated as the owner of Cyber Security. Cyber Security brings new challenges as the threats are wide ranging, complex and not generally understood. In the Cyber domain, mandating policy is deemed essential. Policy documents issued by CESG are well written and easily understood 11.2 In some cases, the approach has been excessive in particular with network security making applications inaccessible and difficult to use. The key is to secure data at the storage and application level and use encryption to cope with the fact that networks are inherently insecure thus making accessibility much easier. 11.3 Knee-jerk reactions are reducing the benefits of IT systems. The current culture of “report near-misses” in the public sector does not encourage openness and proactive action. A holistic, proactive and joined-up approach is to be encouraged to better prepare for the devolvement of services at local levels. 11.4 Following the high-profile data losses in recent years, we acknowledge that the Government has generally taken seriously its responsibilities to treat personal and other sensitive data with care, but there is a risk that as focus is moved to other issues the risks of data losses will rise again. The government’s transparency agenda needs to be pursued with an eye always on the need to maintain personal privacy and protect sensitive data. 11.5 Privacy has not, in the Institute’s opinion, been a sufficiently high priority for government in recent years. The surge in data sharing, which would in most cases be more accurately described as “data disclosure”, has blurred the boundaries between data silos without a sense of proper governance or accountability for use. In particular, the collection, aggregation and retasking of data sets to respond to headline needs, without a sense of a formal strategy for data governance, has eroded trust in the ability of public authorities to protect or properly manage personal information. Examples of such approaches include the National Identity Service, which brought together existing government databases for uncertain new purposes, or ContactPoint, which was driven by an intrusive new register without clear objectives. 11.6 Furthermore, the Data Protection Act (1998) provides insufficient guidance to stop these undesirable uses of data, and does not sufficiently empower individuals to take guardianship of their own information. Central government departments have been perceived as treating the Act as an obstacle to be overcome or circumvented wherever possible, and even if the Act is taken seriously, it appears to be treated as the maximum level of protection required, rather than as a minimum baseline for respect for the individual’s data. This problem is exacerbated by the lack of powers provided to the Information Commissioner until just recently, and his office’s apparent reluctance to use those powers against public authorities even where significant breaches have occurred. 11.7 These problems are not unique to the public sector, and there have of course been numerous high- profile privacy incidents arising from private processing of personal information, for example Facebook, Google, Phorm. However, in the private sector there is a greater sense of accountability for proper information governance, driven by competitive market forces: where a company fails to respect its customers’ data, those customers have the ability to opt out or to take their custom elsewhere. That accountability does not exist for the majority of public services, and hence there is a need for stronger regulation within the public sector. 11.8 The Institute would welcome a broader and deeper adoption of the “Privacy by Design” principles espoused by the Information Commissioner’s Office: in other words, building proper respect for privacy (as opposed to a simple compliance with the Data Protection Act) into every aspect of information processing. This might most effectively be achieved by specifying minimum privacy design criteria for all systems that handle personal information (as opposed to those with a protective marking) and then making those criteria a mandatory part of the formal business case, OGC gateway review process, and accreditation process. Furthermore, accountability for failure to comply or thereafter to protect personal information should be more closely bound to the individuals responsible for system implementation and operation, rather than the public 2 http://www.egov.vic.gov.au/victorian-government-resources/e-government-strategies-victoria/southernscope/southernscope- avoiding-software-budget-blowouts.html Public Administration Committee: Evidence Ev 99
authority itself: the current approach of fining authorities for breaches of the Data Protection Act serves only to penalise service users rather than those responsible for proper governance.
12. How well does the UK compare to other countries with regard to government procurement and application of IT systems?
12.1 With regard to procurement and following the take-up of the recommendations mentioned in 7.5, Finland’s Ministry of Justice has successfully completed a pilot resulting in achieving a unit cost of software of €300, down from a range of €500 to €1,000. 12.2 The Chinese, Japanese and South Koreans have established repositories of software project performance data, managed by national research institutes, to which public sector bodies contribute data. January 2011
Written evidence submitted by Socitm
Preface Socitm is the association for Information and Communications Technology (ICT) and related professionals in the United Kingdom public and third sectors, and suppliers to these sectors. It offers networking and peer support, professional development, and access to research and consultancy on a wide range of policy and technology issues to its over 1,500 members. Socitm works with the Local Government Group (Local Government Association and Local Government Improvement & Development) and the Local e-Government Standards Body (LeGSB) in areas such as data quality, interoperability standards, transparency and open data; with Central Government, including Cabinet Office, HM Treasury, the Department of Communities and Local Government, the Department of Work and Pensions, Centre for the Protection of National Infrastructure and CESG(National technical authority for advice and services to protect Government voice and data networks); and with other professional associations and groups, such as the Chartered Institute of Public Finance and Accountancy. The Local Chief Information Officer (CIO) Council is made up of Socitm members and supplies representatives to the CIO and Chief Technology Officer (CTO) Councils. Socitm also has strong links to its partner associations in Europe and around the world, and is a signatory to the recent Citadel Statement (http://egovstatement.wordpress.com) that identifies a number of barriers to effective use of IT at the local level throughout Europe. At the request of the Government CIO, the Local CIO Council has commissioned Socitm to produce a local public services ICT strategy; this work is in progress.
Key Points — Technology policy is poorly co-ordinated and governed across government. — Local public services’ input into technology policy co-ordination is often too little, too late. — “Pan-local/pan-public-sector” strategy, architecture and commissioning is the optimum way to consolidate co-ordination and implementation of information and technology policy and to achieve or even exceed the order of savings required over the next four years. — Benefits realisation and capture of savings are weak and need to be improved by using rigorous business change methods. — Past lessons have not been learnt and applied. — Change programmes continue to be largely technology-led, rather than to be driven by public service outcomes. — Benchmarking is a key starting point for establishing how well IT services are performing. — IT needs to be an intrinsic part of public services design and delivery. — Agile, web-enabled, secure delivery of IT should be key features of future IT deployment. — Skills development needs to focus on strategic business change, strategic commissioning and information governance. — Take-up of the Government IT Professional Skills Framework needs to be widened. — Procurement practices are inefficient and exclude SMEs and disruptive technology applications. — Government needs to maintain control over strategy, policy, standards and security capability. — Public Sector Network, shared services and cloud provisioning should become key features of public services IT infrastructure. — Security needs to be proportionate to the risks facing local public services. Ev 100 Public Administration Committee: Evidence
Responses to PASC Questions 1. How well is technology policy co-ordinated across Government? 1.1 Technology policy is poorly co-ordinated across Government and is often formed without considering the views of all relevant stakeholders. 1.2 The CIO Council and the CTO Council have brought a degree of co-ordination, but there is still a recurring theme of local government being ignored until late in the technology application cycle and, typically, not until it reaches implementation. This is despite the fact that around 60% of Government interactions with citizens occur at the local level. It is often left to organisations such as Socitm and the LG Group to lobby central government on behalf of local public services. Additionally, much of the work done by various CIO and CTO council working groups has not been completed or published. 1.3 At the local level, technology and information assurance are better coordinated now through the work of the Local CIO Council (facilitated by Socitm) and the Local Government Delivery Council. The sums of money needed to support local government input into wider public sector co-ordination would not be significant but, with the exception of the Local e-Government Programme (2000Ð05), provision for local public services engagement in co-ordination of technology policy and implementation is absent.
2. How effective are its governance arrangements? 2.1 Governance of IT is not co-ordinated, leading to fragmented procurement, duplicated and incompatible systems and extra cost. The former Central Computer and Telecommunications Agency was able to take an overarching view in the same way as CESG (part of GCHQ) does now for information assurance. 2.2 Socitm believes that “pan-local/pan-public-sector” governance of strategy, architecture and commissioning is the best way to consolidate co-ordination and implementation of information and technology policy. This would address architectures and arrangements for commissioning services, via a multi-sourced approach, based on the pan-local need. The result would be less need for IT delivery within local public service organisations. This approach, which would need to include central government departments delivering locally, has the potential to deliver radical reform and to achieve, or even exceed, the order of savings required over the next four years, both in IT provisioning and in the local public services that IT enables. 2.3 Information governance is a particularly complex area and this is not helped by each department, government agency and local authority having its own view on what information governance is and how it should be implemented. A central body determining and enforcing standards and funding central, common strategic and policy work, especially around network, identity and authentication systems, would save significant sums of money, cut waste and facilitate a buy once, use many approach. 2.4 Although the private sector has a role to play, much money is wasted, because government does not have the in-house expertise to develop and maintain systems and capabilities. The majority of this work is outsourced, which means the knowledge is grown externally to the public sector community. Whilst the private sector may profit from this, it is not always to the mutual benefit of both sectors. 2.5 Governance of benefits realisation and capture of savings from IT-enabled business change projects is weak. For this reason, Birmingham City Council developed the CHAMPS2 (www.champs2.org) business change methodology, which is now being adopted successfully by a growing number of public service organisations worldwide to ensure rigorous realisation of benefits and savings.
3. Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied? 3.1 The number of failures, both past and present, suggests that lessons have not been learnt and applied. The National Health Programme for IT, the UK eGovernment Interoperability Framework and the Code of Connection are all examples of projects which have been driven by technology, rather than by public service outcomes. 3.2 Office of Government Commerce (OGC) work focuses on central government, so apart from PRINCE, MSP and other methodologies, their work is of limited value for the wider public sector. 3.3 The OGC Gateway process is effective, but it is often misunderstood and not followed. Failure of large, high profile projects is often due to a lack of effective business change management (and underlying portfolio and programme management).
4. How well is IT used in the design, delivery and improvement of public services? 4.1 Answering this question will become increasingly difficult because of the abolition of the Audit Commission. In order for local authorities, public bodies or central government departments to establish how well they are performing in a particular area, there must be a baseline against which to perform a comparison. Socitm’s Benchmarking Service offers a robust baseline of information on IT services in local public services. Public Administration Committee: Evidence Ev 101
4.2 Public services are often designed and may even be implemented before IT is retrospectively fitted to the service, instead of IT being intrinsic in service design. Exceptions include online payment of parking fines, implementation of Oyster Cards by Transport for London and online management of student finance. The gains to be made from digital delivery are well known (eg from Socitm’s own Channel Value Benchmarking research), but implementation is slow and sporadic. This makes it all the more important that IT is involved from the early stages of public service design, delivery and improvement. 4.3 Cybersecurity is becoming increasingly important as we move towards shared, multi-agency services, involving citizen interaction over the Internet.
5. What role should IT play in a “post-bureaucratic age”? 5.1 The focus of most of the questions in this consultation is technology. However, this only makes sense in the context of the purpose technology serves, which is to process data and to produce information to enable desired public service outcomes. Consequently, effective management and use of government data and information will be a prerequisite for successful use of IT in a “post-bureaucratic age”. 5.2 We need to shift from the traditional, silo-based IT approach, towards the development of agile, web enabled and secure service delivery, utilising the Internet, and involving the citizen, businesses and the voluntary sector, whilst ensuring that the quality of the data and its security is maintained.
6. What skills does Government have and what are those it must develop in order to acquire IT capability? 6.1 The role of IT is changing. Required skills are moving away from technology, towards strategic business change, strategic commissioning (procurement and supplier management) and information governance. The record of failed IT projects, the fact that the Senior Information Risk Owner role often resides in someone who does not understand what the role entails, and shortfalls in commercial acumen and strategic provisioning mean that IT is not tightly integrated into the design and reform of public services. 6.2 We need skills in developing “fit for purpose” standards that will ensure full integration and interoperability. We need excellence in enterprise and security architecture. We need leadership, governance and programme management skills, so that government has its own capability to develop the services and systems that it needs for the future. These skills take time to acquire and develop, making it vitally important that an effective skills framework and career path is put in place. 6.3 Although a Government IT Profession Skills Framework has been developed, it has yet to be taken-up effectively across all government.
7. How well do current procurement policies and practices work? 7.1 There is much room for improvement in procurement practices. Much of the inefficiency is due to the way in which EU procurement regulations are implemented in the UK. These often bind government into bureaucratic contracts, which do not offer best value, and tend to deliver self-serving systems, rather than systems serving public service outcomes. Additionally, OGC frameworks do not allow rapid purchasing and deployment. 7.2 The OGC approach towards large frameworks precludes SMEs from bidding for government work, to the point where they tend to be engaged only as sub-contractors. This adds significant transaction costs to the supply chain. A simple way to reduce regulation and bureaucracy would be to raise the EU procurement threshold. This would mean that SMEs are more able to bid for work in Government and help to promote economic growth in the UK. 7.3 Councils themselves have their own bureaucratic processes when engaging with new suppliers. Time and money could be saved by implementing a national procurement registration process linked to HMRC and Companies House.
8. What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT? 8.1 For commodity items such as applications software, ownership does not need to reside with Government. However, it is vital that Government maintains control over strategy, policy, standards and security capability. Outsourcing these elements leads to a loss of capability and capacity to control around IT systems and costs. 8.2 Effective management of information is just as important as technology. Strong information governance and compliance should be in place across government and the wider public sector to ensure that best practice is followed and to co-ordinate effective information sharing. 8.3 Where information is of a sensitive nature, government should have an appropriate mechanism for securely transferring it. Given that the Internet is the main route of attack for cyber-threats, there is a need for highly available network which is less prone to this type of attack so that in the event of a cyber-attack, Ev 102 Public Administration Committee: Evidence
government can continue to function. Any government network must also be able to facilitate inter- organisational shared services. The PSN standards should meet these requirements and attention needs to be focused on these, rather than the business aspirations of the current main communications suppliers.
9. How will public sector IT adapt to the new “age of austerity”? 9.1 Austerity has already had an impact on professional development and knowledge sharing, with cuts to training and travel budgets. Austerity causes organisations to economise and only to look inwards for solutions, when better ideas may exist outside. 9.2 Government needs to carefully consider the implications of cost cutting. Innovation and development will diminish, and training will be restricted. This will cause morale, and productivity to decline. There is a danger that some organisations will just see IT as another cost centre which needs to take its fair share (or more) of cuts, when in reality, more services than ever before will need to be delivered digitally. 9.3 Where new initiatives are planned, a “Gate Zero Review” (OGC Gateway Review) should be undertaken to ensure that best value is being realised and, before buying new, organisations should check that there is not already something similar, no longer required elsewhere, but still contracted to be paid for, that cannot be re-purposed. 9.4 Service-led innovations, which are enabled by technology and which disrupt current ways of thinking need to be encouraged. However, current framework approaches to procurement inhibits these. The costs associated with registering on OGC Frameworks inhibit smaller, innovate businesses from bidding for work in government. 9.5 The PSN, as a “network of networks”, is a critical undertaking that, wherever possible, should reuse existing network assets to provide the infrastructure for shared services and cloud provisioning of IT. 9.6 A growing number of local authorities are planning to make significant cost savings through the use of shared IT services. Utilising the PSN, traditional geographical constraints to the sharing of services can be overcome, while some are implementing shared IT services across multiple types of organisations. 9.7 Money can also be saved by making use of cloud services. Applications can be designed, tested and accredited once and then deployed across multiple organisations at a reduced unit cost. Hosting and delivering applications or services in the cloud removes the need for individual organisations to separately procure and manage costly and complex infrastructure. Many suppliers to local public services are already making cloud- based products and services available. 9.8 Government should also consider the overheads of procurement. Procurement itself should be measured as a percentage of the overall contract price.
10. How well does Government take advantage of new technological developments and external expertise? 10.1 Local government has limited or no capacity for technological developments. Technology is only taken advantage of when there is a clear business case that a service might be improved by the use of it. Very rarely does technology inspire the development of new or improved services. Furthermore, the history of past, failed IT projects means that business leaders and service managers are reluctant to take note of and to adopt disruptive innovations. 10.2 Government works with industry through many fora and media. However, these tend to be dominated by large companies. Policies and procedures for procurement make it difficult for SMEs to engage, with the result that innovative products and services from them get ignored. 10.3 IT is often an afterthought in the design and delivery of services, with technology experts simply responding to the demands of service and business managers. They do not have an understanding of the underlying objectives or desired outcomes, nor the process and governance constraints. This hinders the development of innovative and transformational systems.
11. How appropriate is the Government’s existing approach to information security, information assurance and privacy? 11.1 UK Government has for a long time, been one of the world leaders in information security, and information assurance. However, resilience is poorly addressed, while security tends to be set at disproportionate and costly levels for the risks facing local public services. 11.2 The current model that links authentication, credentials and authorisation is incomplete. Federated identity management would go some way to removing this obstacle by eliminating the need for multiple authentication systems. Common commercial standards for data security and privacy could apply to many areas of public services. 11.3 The new cybersecurity approach is wholly focused on central government and defence, ignoring the wider public sector. As more services are devolved and delivered locally, the threat “surface” will change and Public Administration Committee: Evidence Ev 103
the capability to respond to new threats will need to change with it, without being hindered by complex frameworks or prohibitively costly contracts.
12. How well does the UK compare to other countries with regard to government procurement and application of IT systems?
12.1 It is difficult to draw a direct comparison between the UK and other countries because of differences in the type and scale of projects which are put out to tender. However, the UK does seem to have more than its fair share of failed IT procurements.
12.2 Other countries are able to achieve greater flexibility and speed of procurement, including those in Europe that need to comply with EU procurement rules. Government should facilitate an exercise to collate best practice from around the world, learning from other countries’ experiences and providing clear guidance. January 2011
Written evidence submitted by Hewlett Packard (HP)
Summary
HP is the world’s largest technology company and the largest provider of IT products and services to the UK public sector. We welcome the Public Administration Select Committee’s timely enquiry into this topic. Government IT has been a contentious issue in recent years, for a number of reasons. However, we believe that there is much to be proud of in the positive impact that we are able to have on the lives of the citizens and public servants that we support through the work that we and our counterparts in other suppliers do for our Government customers.
We are far from complacent though and recognise that, particularly in the straightened economic circumstances through which we are living, IT suppliers and the government IT community must work together to reduce the cost of the services that we provide to our Government customers, and help them to use IT to deliver efficiencies in their wider business operations so that they can protect and improve the services that they deliver to the public.
Our response to the committee’s questions is summarised below. — Historically, Technology Policy is not extensively coordinated across government. Though there have been some notable successes in delivering cross-government solutions and rationalising diverse policies at a departmental level, there remains a culture of organisational autonomy, driven by financial models which align funding with the implementation of specific policy initiatives. As a result, the government often pays more than it should for under-utilised IT assets, engenders redundant software customisation and as a result IT is sometimes a barrier to, not a facilitator of change. — The Governance arrangements for Government IT have improved markedly in recent years, but no-one has yet been given the responsibility, authority and mandate for those parts of technology policy where greater coordination would be useful. The Minister for the Cabinet Office has expressed the view that what is needed is a combination of “tight and loose” controls to increase standardisation where doing so would reduce cost and support variation where doing so would add value. HP fully supports this view. — There have been multiple studies into Government IT by bodies such as the NAO which have produced useful insights into the determinants of successful outcomes and the causes of failure. Whilst these lessons are generally understood there is scope for further reinforcement of governance processes to ensure that they are adopted and to facilitate an environment where the governance process can be used to diagnose and address problems before they become critical. — Good IT is critical, to the delivery of public services and to the realisation of the Prime Minster’s vision for a “post-bureaucratic age”. Delivering these outcomes demands proper consideration of IT during the development of new policy—something which is not always done effectively now. At the same time, taking a more coordinated approach to technology policy has an important role to play in enabling the implementation of wider government policy by helping to remove barriers and facilitate collaboration. — Although outsourcing is the predominant and most appropriate model by which IT capability is acquired by Government, there are key roles which should be retained within the public service. At present, Government is over-reliant on external advisors for some functions (particularly architecture and procurement expertise) and needs to adopt a more consistent approach to the role of departmental CIO as a key actor in developing policy and determining business strategy. Ev 104 Public Administration Committee: Evidence
— Procurement processes are often considered to be one of the key barriers to achieving success in IT programmes. There is little wrong with current processes, but there are key issues which must be properly addressed by departments in order to use these processes effectively. Strong leadership, using the right procurement vehicle, a more strategic approach to framework contracts and clarity of purpose are key factors in achieving successful outcomes. — Cloud computing and “Everything as a Service” delivery models will be a dominant trend in both consumer and enterprise IT in the next few years. These will have significant impact on the way that government commissions IT, although there will still be a requirement for Government to own some assets in order to secure the levels of security and value for money that it requires. Government should not seek control over IPR for IT solutions where doing so would inhibit reuse. — IT has a key role to play in helping the public sector adapt to “the age of austerity”. A more coordinated approach to technology policy would help to reduce the direct costs of government IT, but it is equally if not more important to consider the role that IT has in helping drive down the wider costs of government through its ability to help change delivery models, for example, through a shift to more on-line services. —Itisnot important for Government to be an “early adopter” of new technologies unless there is a clear business case for their deployment, but there are some technologies such as mobile telephony and risk profiling in fraud reduction which are commonplace in the private sector and significantly underused by public sector organisations. — Current approaches to Information Security and Information Assurance have improved markedly since a flurry of data loss incidents in 2007Ð08. Whilst this area of technology policy is now strong and one of the best coordinated across government there is scope for adoption of more pan-government solutions in this field which would drive down costs, facilitate wider deployment of shared services and ease the transfer of staff between different government organisations. — Whilst spend on government IT in the UK is high, international studies do indicate that the UK compares well with other countries in the effectiveness of its IT. The UK government market for IT products and services is fair and amongst the most open that HP has experienced anywhere in the world, with strong competition and few barriers to changing suppliers. However, some other governments are taking stronger positions to standardise their IT, maximise their purchasing power and driver wider policy outcomes through their IT procurements from which the UK could learn. Global suppliers like HP have a key role to play in helping the UK to benefit from the experiences of other countries.
Responses to the Select Committee’s Questions 1. How well is technology policy co-ordinated across Government?
1.1 In general, Government technology policy is not coordinated to any great extent. Each organisation enjoys autonomy in setting IT Strategy and does so with little consideration of those of other departments. Until recently there have been few attempts to establish a more coordinated approach and no-one has been given both the responsibility and a clear mandate to do so.
1.2 The lack of coordination is a reflection of the fact that most ICT investment is still aligned to the specific policy imperatives of spending departments. What should be the common elements (eg datacentres, networks, office computing platforms, enterprise finance and HR systems etc) are bought over and over again as a patchwork quilt, which is extended each time a new large policy initiative is put into action, each initiative growing its own autonomous organisational and ICT machinery. In this regard therefore, the UK government has all the disadvantages of scale and few of the benefits. 1.3 There are limited areas in which coordination has been attempted and has been effective. These include the recent measures to improve Information Security and Assurance, the use of common networks such as the Government Secure intranet (GSi) and key applications which operate across it, such as the Government Gateway. These are however small in scale, when set against the government’s total spend on IT.
1.4 There are other good examples where departments have consolidated historically diverse technology policies and achieved significant reductions in cost and improved effectiveness. Through the TREDSS and ICONS programmes that the department undertook with HP (then Electronic Data Systems) and BT, commencing in 2005, the DWP achieved savings of more than £1bn over five years and has a demonstrably more robust, adaptable and better performing IT infrastructure as a result. Such examples are the exception, not the norm.
1.5 Early last year, publication by the previous Government of the first cross-Government ICT strategy3 started to put in place some building blocks of a common Technology Policy for Government, which offered the potential for a more coordinated approach. HP understands that strategy is currently under review by the new Government. 3 HM Government ICT Strategy, Smarter, Cheaper, Greener. Cabinet Office, January 2010. Ref: 299388/0110 Public Administration Committee: Evidence Ev 105
2. How effective are its governance arrangements?
2.1 Recent years have seen new structures established to improve IT governance. The Government Chief Information Officer (CIO), CIO and Chief Technology Officer (CTO) Councils have had a positive impact on the professionalism of the government IT community and played an important role in improving communication and collaboration within Government and with suppliers. They have as yet had little impact in shifting the balance away from organisational autonomy over technology policy towards a more coordinated approach.
2.2 Effective governance over technology policy is not solely an issue of organisation, but one of culture and leadership (from ministers and officials). HP believes that the Minister for the Cabinet Office, Francis Maude, understands this challenge fully. He talks about the need for a combination of “loose and tight” controls over technology policy: — Loose controls over those aspects of technology policy which are clearly within the expert domain of individual departments, agencies, or, as is the case in some increasingly market-oriented parts of the public sector, where organisations need the autonomy to diversify in order to innovate and compete effectively. — Tight controls over those aspects of technology policy where variation adds only cost and not value, where customisation is often redundant (such as IT infrastructure), or where adherence to standards is essential in order to allow those elements over which only loose control is desired to interoperate and coexist on the standardised infrastructure.
2.3 One further challenge which hampers attempts to establish more effective governance of technology policy is the lack of information on what is spent on IT. This has been noted as a barrier in earlier studies into Government IT, including the Operational Efficiency Programme conducted under the previous government4.
2.4 HP understands that the Coalition Government intends to issue its own IT strategy. If this strategy sets out plans to increase the extent to which Technology Policy is coordinated on a cross-Government basis, then it must also turn its attention to how it proposes to strengthen existing (or establish new) governance arrangements. Without doing so, there is a risk that it will be unable to monitor and control compliance effectively, and the status quo of strong departmental autonomy will prevail.
3. Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?
3.1 HP does not doubt that the government IT community is aware of and understands the lessons identified in reports produced by the NAO and other bodies. The extent to which these are fully applied does however vary. Whilst it can appear in that the recommendations have been followed, in some cases this can be superficial.
3.2 For example, the NAO’s recommendation that a programme should have a defined SRO is rendered impotent if what happens in practice is that the role is fulfilled by many different people throughout the lifecycle of the programme, each juggling their SRO role with other duties, and with no continuity to ensure accountability for decisions taken during the procurement phase later in the lifecycle.
3.3 In other words, there remains a risk that the current environment can lead to potential or impending problems being masked by programme teams becoming adept at presenting a positive face to the governance regime, which is itself focussed on checking adherence to a process rather than delivery of business benefit. HP suggests that there is a role for stronger scrutiny of issues known to be critical to successful outcomes.
4. How well is IT used in the design, delivery and improvement of public services?
4.1 IT plays an essential role in the delivery of public services. There are many examples of services which could not exist at all without IT (eg Transport for London’s Oyster card system), and others which would be extremely expensive to deliver without it (such as the Post Office Card Account). The UK can point to many examples of IT-enabled policies and business processes which are world-class and have simultaneously improved both the experience for the citizen and cost-effectiveness. We would however offer the following observations.
4.2 IT is now on the critical path of almost any significant policy initiative. It is not sensible for policy to be developed without considering the way in which IT might support its delivery, and considering the impact of the relationship between policy, business process, information architecture and technology.
4.3 In particular, it is important that IT is not treated as an afterthought which comes at the end of the policy development process. This can lead to situations where the IT is perceived to have “gone wrong”, when in fact the whole programme has slipped and the IT delivery becomes squeezed as a result, with obvious consequences. 4 Operational Efficiency Programme, Final Report, HM Treasury 2009, ISBN 978Ð1-84532Ð587Ð9 Ev 106 Public Administration Committee: Evidence
4.4 A more coordinated technology policy itself has a role to play in improving the ease of implementation of new policy. It can support this by: — helping to remove barriers to cross-organisational collaboration and restructuring, — establishing IT infrastructures and applications which can be reused so policy can be implemented through customisation rather than construction, and — by establishing standards which can used to allow a diversity of different and innovative IT solutions to coexist and operate across common government IT infrastructures without sacrificing interoperability or transparency.
5. What role should IT play in a “post-bureaucratic age”? 5.1 Based on the PM’s speeches, HP’s interpretation is that IT support for the post-bureaucratic age might manifest itself in a number of different ways, including: — Greater transparency—through increased access to spending data. — Improved citizen choice—by widening access to performance data. — Enabling innovation—by empowering people to access government datasets to create new online services. — Changing delivery models—by supporting public sector organisations to evolve their role to one where they are responsible for commissioning and orchestrating services from a range of different delivery partners. — Managing resources efficiently—by introducing smart grids for power generation and usage. — Widening participation—by members of the public in the processes operated by government. 5.2 Whilst the concept is not about technology, it depends absolutely upon technology for its realisation. The realisation of the PM’s vision will demand a more coordinated technology policy, one which utilises “tight and loose” controls to deliver a cost-effective and standards-based IT infrastructure platform. This in turn can support applications which enable the openness, transparency and collaboration between different public sector organisations and the public which are central to the concept of the post-bureaucratic age. 5.3 There is a misconception amongst some that the sort of IT which enables the post-bureaucratic age is an alternative to the large, transaction-processing systems which have traditionally been operated by government. 5.4 The IT which supports the post-bureaucratic age must work alongside traditional systems. These “line of business” systems may need changing to support new ways of working, for example through the addition of standards-based interfaces to allow them to be accessed in new ways. But no-one should assume that a proliferation of web-based services or downloadable apps can displace the requirement for governments to continue to invest in their core IT systems, or that the well-proven ways of managing these highly complex systems, many of which form part of our Critical National Infrastructure, have been rendered obsolete.
6. What skills does Government have and what are those it must develop in order to acquire IT capability? 6.1 Outsourcing is the dominant model by which Government acquires its IT capability. This approach allows the public sector to leverage investments made in skills by the private sector, helps avoid the costs of obsolescence, ensures a competitive market for these services and allows the transfer of knowledge between different public and private sector organisations on a global basis. 6.2 Within an outsourced model, HP would suggest that the following roles are those which should generally be maintained “in-house”: — Chief Information Officer. — Development of IS and IT Strategy and Architecture*. — Security and Information Assurance Policy. — Business Analysis and Business Relationship Management. — Procurement and Contract Management*. — Business Change and Programme Management. 6.3 Almost all the other IT functions required by a typical government organisation can be more effectively provided by the private sector. 6.4 With regard to these functions, HP would offer the following comments: — Establishing a better coordinated Technology Policy across government will also demand a central cross-government analogue to lead each of these functions—a move which we recognise the ERG has begun to put in place. Public Administration Committee: Evidence Ev 107
— The importance of the departmental CIO is increasingly recognised, with a number of strong appointments having been made in recent years. However, the function remains inconsistently adopted—some are members of their department’s board and accountable to the Permanent Secretary, others less senior. More could be done to strengthen the role of the departmental CIO in policy development. — Of the roles listed above, those marked with * are often fulfilled either by staff on fixed-term contracts or external advisors. This is less than ideal, as it prevents the development of a professional cadre of staff with these essential skills and does not foster a culture of long-term accountability for outcomes within these functions. — Business Programme Management, especially for large, IT-enabled policy initiatives, is a highly specialised capability. The relatively small cadre of professionals with this experience should be recognised and managed as a cross-government asset.
7. How well do current procurement policies and practices work? 7.1 HP believes that there is nothing inherently wrong with current procurement processes. There are however four issues which are of critical importance for organisations embarking on a major procurement: 7.2 Leadership—Having the right SRO (Senior Responsible Officer) is the cornerstone of a successful procurement—someone who really understands what Government wants and the place of procurement in achieving that outcome. Too often we see an SRO whose only remit is the procurement itself. This leads to a focus on running a procurement which is scrutiny-proof, rather than a programme which is geared up for successful delivery. 7.3 Using the Right Vehicle—Problems occur when departments rush to begin procurements before they have properly considered the best way to get the outcomes they want. Before embarking on a major procurement, departments should consider: — Do we need a procurement at all? Is there an existing solution which can be reused or extended to meet the requirement? — If we do need something new do we need a formal procurement or can the same outcomes be achieved by creating a market for the relevant product or service? — If we do need a procurement, can we use an existing contractual framework to accelerate the process? — If a full-blown OJEU procurement is needed, have we selected the right procurement pathway? — If we do need a full-blown procurement, are we approaching it in a way which will allow other departments to benefit from its outcomes? 7.4 A more strategic approach to frameworks—The increasing number of these, and the resulting lack of volume placed through each is adding cost to suppliers but more importantly, stopping the government from maximising its purchasing power by consolidating demand. A more strategic approach to frameworks, particularly those which support a stated IT strategy, combined with a stronger hand from ERG to support their use and restrict the proliferation, would provide benefits to both HMG and the supplier community. 7.5 Clarity of Purpose—Many procurements which go awry do so due to poor management or a lack of stability of the requirements, an absent or poorly articulated business case; and the suitability of the selection criteria used to assess suppliers’ bids. In the worst case, this can lead to procurements decided predominantly in terms of price or a supplier’s willingness to accept punitive contractual Terms and Conditions rather than capability, total cost of ownership and underlying risk.
8. What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT? 8.1 The current trend in the world of IT is the move towards “Cloud Computing”. Here, rather than own IT assets, organisations purchase the IT that they require as a utility, paid on a usage basis. Responsibility of provisioning complex technology is removed from the commissioning organisation and the relevant IT function is provided as a service. One often hears terms such as Infrastructure as a Service (IaaS) or Software as a Service (Saas) describing different variations of this model. 8.2 This approach will have a profound effect on the way in which businesses and citizens consume all kinds of IT service. In this context, the question of owning IT will become less important. There will still be a requirement for government to own certain assets, either because they cannot be economically procured in this way or due to specific security or resilience purposes, but the balance of what can be provided as a service by the market will shift. 8.3 One often contested issue between Government and suppliers is the question of IPR ownership for IT solutions. Though there are some areas where it is desirable for government to own these rights, there are others where this position drives up costs and prevents wider economic growth by inhibiting reuse and resale. Ev 108 Public Administration Committee: Evidence
8.4 Ownership of data is a more philosophical and political question. Much of the data processed by government relates to individuals, in many cases to private matters such as health or finances. Adopting the principal that it is the citizen who owns the data about them, and that they, not the Government should be in control of it is not technically difficult if it is desired, but would need to be an explicit aim of a cross- government technology policy.
9. How will public sector IT adapt to the new “age of austerity”? 9.1 In an “age of austerity” it is right that spending on IT should come under scrutiny and HP is fully supportive of the measures established by the Government to reduce IT expenditure through contract renegotiations, the moratorium process, and moving to a model where government is able to act as a “single client” in its dealings with suppliers. 9.2 Notwithstanding the potential which exists to deliver savings in direct expenditure on IT, IT still represents only around 4% of the Government’s overall spend. Whilst reducing this by an average of, say 30%, may be feasible, the resulting overall reduction in public sector expenditure will have minimal impact on the deficit. Ultimately, IT is a tool for improving productivity; its potential to help deliver efficiencies in the remaining 96% of expenditure is relatively untapped. 9.3 The interesting question is what IT can do to help alleviate the impact of the age of austerity on the public sector. We would suggest: — ERG’s moratorium process should evolve so that as well as halting investment in certain IT programmes it also plays a proactive role in coordinating a more appropriate cross-government technology policy by directing departments and agencies towards the sort of cost-efficient and transformative solutions which can reduce both direct IT costs and wider costs of government. — Plans for the transfer of some public services to online-only delivery should be accelerated (with suitable support mechanisms for those unable to get online). — The Government should find ways of harnessing the private capital of IT suppliers like HP, many of whom are ready and willing to make investments in delivering more standardised IT infrastructure or transformational programmes to public sector organisations. This would however rely on agreement of a more predictable business model than the “build it and they will come” approach, in which the market has little faith due to the historical lack of a more coordinated government technology policy.
10. How well does Government take advantage of new technological developments and external expertise? 10.1 Perhaps surprisingly, HP would argue that it is not always desirable for Government to be at the leading edge of new technologies. Unlike for a private sector organisation, there is little “competitive advantage” to be had by Government taking big risks in order to be an early adopter. 10.2 It is right that Government should continuously evaluate new technologies, but it should only move to their widespread adoption when they are sufficiently mature to be implemented without the taxpayer having to fund the costs of upscaling, and where there is a clear business case for doing so. In some cases, technology can be exploited to deliver significant benefit at low risk and low cost—such as social networking. Exploitation of other technologies can demand a more considered approach. Often technology is considerably cheaper to deploy a few years downstream when initial implementation problems have been ironed out. 10.3 There are some areas however, where the Government is behind the private sector in the adoption of what are now tried and tested technologies. Examples include mobile telephony and email for contact with citizens, and the use of risk profiling to reduce fraud. 10.4 With regard to external expertise Government organisations tend to be over-reliant in the areas of procurement advice and management, setting IT strategy and architecture and defining and implementing security policy. Conversely, they tend to avoid taking advantage of external expertise when formulating new policy, particularly in terms of considering the resulting complexity of implementing the necessary IT and how policy might be tuned from the outset to address these challenges.
11. How appropriate is the Government’s existing approach to information security, information assurance and privacy? 11.1 The need for effective information security and assurance is a strong feature of current government technology policy. 11.2 Since a series of well-publicised data loss incidents in 2007Ð08, there has been an increased focus on Information Assurance (IA) within the government supply chain, for example through the joint Intellect/HMG IS&A Board. For information risk management to be fully effective the products of this work (eg the Supply Chain IA Tool—SIAT) should be fully implemented. To date this has not happened. 11.3 Whilst the need to ensure security of sensitive and personal data is paramount, there are occasions when current practice in these areas can create barriers to delivering more cost-effective IT solutions. For example: Public Administration Committee: Evidence Ev 109
11.4 The Security Policy Framework (SPF) is a key element of HMG’s security strategy. Although strongly supported by each organisation, different interpretations of the SPF, and the requirement for individual accreditation of IT solutions by each department or agency can prove an obstacle to sharing services. Pan- government accreditation could achieve significant cost savings and streamline procurement and implementation without compromising security. 11.5 Differing risk appetites amongst Senior Information Risk Owners (SIROs) can be an obstacle to more consistent solutions. The appointment of a pan-government SIRO (eg within Cabinet Office), and the adoption of proven information security management schemes (eg those from DWP) more widely would give focus for normalisation, improve governance of security and information assurance, and reduce cost. 11.6 Security Clearances are required for staff in many roles but clearances are not transportable between departments and processes are inefficient, leading to delays in the assignment of staff to role with inevitable exposure to risk and cost increases. Clearances should be transportable between organisations with activity specific checks being an addition only rather than requiring a re-vet.
12. How well does the UK compare to other countries with regard to government procurement and application of IT systems? 12.1 UK government IT spend rates as high in almost every international comparison. However, surveys of the sophistication and availability of online government services, including recent EU benchmarks5 reflect the UK in a positive light and illustrate progress over time. 12.2 Technology companies such as HP can play a vital role in importing know-how from other countries. Our experience leads us to the following observations: 12.3 UK Government organisations are consistently open in their adherence to procurement regulations and fair in their evaluation of bids from different suppliers. The market functions effectively, with few barriers to changing supplier and with a large number of competitive suppliers. Our perception is that the UK market is amongst the most open in the world. 12.4 Whilst there are barriers to direct participation in government procurements by SMEs, there is a strong culture of larger suppliers facilitating access to government contracts through “eco-systems” of SME subcontractors. 12.5 Government organisations elsewhere in Europe who operate under the same underpinning procurement regulations tend to conclude their IT procurements more quickly than in the UK and with less reliance on external support. 12.6 Governments elsewhere in the world have been more willing to adopt tighter controls over cross- Government technology policies. The Australian Government commissioned Sir Peter Gershon to conduct a review of its use of IT.6 His report identified a “current model of weak governance of ICT at a whole-of- government level and very high levels of agency autonomy” (a situation which mirrors that in the UK). He proposed “change from a status quo where agency autonomy is a longstanding characteristic”. The Australian Government adopted his recommendations in full, and now departments who wish to deviate from the new model can only do so with Ministerial permission following a value for money assessment. 12.7 Other Governments have been more willing to combine tight control with moves which maximise their purchasing power by undertaking procurement on a cross-Government basis. The New Zealand government has just launched a procurement7 which will see nine government organisations move to the Infrastructure as a Service model (question 8). 12.8 Some Governments have been bolder in using their procurement activity to secure wider policy outcomes. In the United States there is a federally-mandated quota which demands that Government prime contractors pass through a proportion of their contract value to “disadvantaged” companies. In a similar vein, “Mentor-Protégé” programmes have been established at both Federal and State level to encourage prime contractors to assist Small and Medium Enterprises, with formal evaluation of outcomes undertaken by the Federal Government’s Small Business Administration.
Annex HP’S WORK FOR HER MAJESTY’S GOVERNMENT HP is the largest supplier of IT services to Her Majesty’s Government. Its principal clients are currently the Department for Work and Pensions, the Ministry of Defence, Ministry of Justice, Foreign and Commonwealth Office and the Northern Ireland Office. 5 “Smarter, Faster, Better eGovernment, 8th Benchmark Measurement, November 2009” http://www.epractice.eu/en/library/299159 6 “Review of the Australian Government’s Use of Information and Communication Technology” http://www.finance.gov.au/publications/ict-review/index.html 7 “Government in $2bn shake-up of data systems” http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10700115 Ev 110 Public Administration Committee: Evidence
Department for Work and Pensions HP has been providing IT services and delivering modernisation programmes for the various agencies and departments of the DWP since 1989. More than 3,000 of HP ES’ staff, clustered in three main areas in the North West, North East, and South Yorkshire, support most of DWP’s business systems for the Department’s key agencies, including JobCentre Plus, the Pension Service and the Child Support Agency. The TREDSS agreement, signed in 2005, realigned HP’s contracts with the department into an industry-standard tower-based model, consolidating multiple previous commercial arrangements and leading to cost savings approaching £200 million a year for the DWP. This model is now being adopted as the basis of the emerging government IT strategy. Through a separate contract HP is a subcontractor to Post Office Limited for the support of the Government Card Account (GCA), formerly the Post Office Card Account, which provides electronic payment services to around four million recipients of both DWP benefits and tax credits (paid by Her Majesty’s Revenue and Customs) who do not possess a bank account.
Ministry of Defence HP has worked in partnership with the MOD for over 25 years in support of both frontline and “back office” activities, delivering information and technology services, from specific “battlespace” applications, to logistics and personnel services. In April 2005, HP (then EDS), as the prime contractor for the ATLAS consortium, was awarded the Defence Information Infrastructure (DII) contract, the delivery of which remains underway. HP also works with the Service Personnel and Veterans’ Agency (SPVA) in support of the Joint Personnel Administration (JPA) programme. This initiative has seen the consolidation of HR and payroll services for all three branches of the armed forces into a single agency, and was re-awarded to HP following a competitive tender during 2008.
Ministry of Justice HP is the primary supplier of IT services to Her Majesty’s Prison Service, now part of the Ministry of Justice. Through the QUANTUM contract, HP provides desktop, network and other infrastructure services to HMPS headquarters and all 143 prisons, and has completed more than 150 separate IT projects, including the development of the Offender Assessment System (OASys). HP is the IT partner for HMPS’ Phoenix Shared Services programme providing HR, finance and procurement to all public sector prisons and is currently working with the MoJ to deliver its DOME (Delivering on Ministry Efficiencies) programme.
Foreign and Commonwealth Office In 2005 HP agreed a contract with the Foreign and Commonwealth Office to deliver “Future Firecrest”, the FCO’s global technology infrastructure platform, which will replace the desktop computing platform for the FCO’s UK operations and in embassies and consular offices around the world. FCO staff overseas and in the UK are now using the new platform.
Northern Ireland Office HP is currently operating two contracts in Northern Ireland—the e-Planning project for the Northern Ireland Office, and the Classroom2000 programme for the Western Education and Library Board (WELB) which supports education, library and youth services in the council areas of Omagh, Fermanagh, Derry, Strabane and Limavady. January 2011
Written evidence submitted by Erudine Summary 1) The fundamental reason why so many IT-enabled government service delivery programmes fail is that they adopt a flawed IT development approach that cannot accommodate unanticipated change. As a result, the more complex and long term the project, the more flawed the project and delivery becomes. 2) Prime IT contractors rely on exploiting post-contract change requests (which are inevitable in a multi- year programme). Also, being the gatekeepers for those projects, prime contractors can and do prevent deployment of innovation that can make subsequent change requests cheap or quick to do as they threaten their lucrative revenue streams. 3) This model assumes a non-changing, static world which makes it inadequate for the demands of large- scale IT enabled government service delivery. This is known generally as the “waterfall” approach and involves a sequential design process flowing steadily through various phases to completion (for an overview see: http:// en.wikipedia.org/wiki/Waterfall_model). That fundamentally is the core reason why so many government reports (hopefully not this PASC one) have been written and not acted upon, and why current planned programmes, such as the Universal Credit system, looks set to go the same way. Public Administration Committee: Evidence Ev 111
4) The way forward (with spectacular demonstrable success led by the likes of Amazon, Google, e-Bay and others) is to use iterative agile approaches to development and process which embrace and accommodate change, break large systems into component re-usable applications, and focus on payment by usage or results. This “agile” approach requires a step-change in the core skill set from large scale technically oriented systems integration to hybrid technology/business service component assembly. Commercial companies are adopting this concept, making step change savings on traditional approaches. 5) Adopting agile approaches is against the interests of incumbent IT prime contractors to government who stand to be disintermediated (to their detriment but to the benefit of the taxpayer). There is strong rearguard action and lobbying from them fundamentally to maintain the status quo of the waterfall approach as long as possible. 6) The outgoing Government CIO, John Suffolk, recognised the need for adopting an agile approach to break the stranglehold of current incumbent suppliers and to dramatically reduce the cost of change requests. The Cabinet Office ICT Policy published January 2010 (http://webarchive.nationalarchives.gov.uk/ 20100304041448/http://www.cabinetoffice.gov.uk/cio/ict.aspx) sets this out clearly but appears to be languishing in the doldrums, with continued emphasis on the “status quo” “waterfall” model. 7) Savings will still be possible within the old “change request” approach, and those in the Efficiency and Reform group are by background well placed to shave savings—possibly up to the 20% (see appendix) mooted in the Treasury’s Martin Read Report—but this will simply bring UK government up to par with France and Germany and will not solve the exploitation of the current crippling change request culture in Government IT. 8) The current model is flawed because it cannot accommodate change but is too embedded within government to change. The incumbent suppliers are too powerful, and the executive resolve to change appears too weak. 9) We are happy to answer questions from PASC, and expand on the implications of the above in the context of your questions.
Erudine Responses to Specific PASC Questions Q1. How well is technology policy co-ordinated across Government? There appears to be no clear technology policy. The Cabinet Office ICT Policy published in Jan 2010 provided a constructive path forwards away from the current capital intensive “waterfall” approach (which cannot accommodate change) towards an agile, a componentised, open, pay-by-usage approach (which expects and embraces change). This policy document has not been revised at the time of writing and is currently on indefinite hold. Co-ordination appears poor on four fronts: (a) Ministers are clear about the nature of the step change in delivery and efficiencies they require. (b) The former Government CIO was in tune with those requirements and taking active steps to take government IT but has now departed and the progress halted. (c) The Cabinet Office Efficiency and Reform Group appears to be continuing the “business as usual” which cannot accommodate change. It also appears to lack teeth to enforce change within the departments. (d) Departments look to be continuing the “waterfall” approach—also encouraged by their incumbent suppliers.
Q3. Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied? — They cannot be applied and learnt because subsequent programmes have retained the flawed model of capital intensive “waterfall” IT enabled service delivery, whereas the solution is a componentised, payment by results G-Cloud approach—the approach recognised within Cabinet Office and enshrined in the Cabinet Office ICT Policy: (http://webarchive.nationalarchives.gov.uk/ 20100304041448/http://www.cabinetoffice.gov.uk/cio/ict.aspx)
Q10. How well does Government take advantage of new technological developments and external expertise? Government, through its excellent R&D assistance, invests in British innovation and helps see them through technical due diligence. However Government is structurally unable to deploy the innovation it sponsors as the gatekeepers for adopting that innovation are often those whose revenue streams are most threatened by that innovation. The more money innovation will save the less likely it will be adopted. Our view is that British innovators are wasting their energies and resources trying to get traction with government and should focus us elsewhere. Ev 112 Public Administration Committee: Evidence
Where government departments latch on to a new technological approach, for example “agile computing”, the framework for success appears to be poorly understood. Ambitions to try to shoe-horn, for example agile computing development, into the traditional approach which a two-year procurement cycle (which assumes a static environment and cannot foresee change) is a recipe for failure
Erudine Ltd — Erudine Ltd is a Yorkshire-based software development company which has done more than most companies in demonstrating significant potential savings within government service delivery. Unusually for any SME, the company engaged closely pro bono for over a year with the Cabinet Office Efficiency Programme to give views on the most efficient and effective ways of moving from the current capital intensive “waterfall” IT enabled service delivery to a componentised, payment by results G-Cloud approach. — It also recently set up two round tables of CIOs from major commercial organisations who had delivered step changes: — one to examine the fundamental changes government IT needed to make for successful delivery; (www.erudine.com/downloads/Erudine_Govt_IT_report.pdf) — and the other (with City University) to demonstrate practically how 25% of government IT internal expenditure could effectively be placed with SMEs (reports in attached pdf files for your reference). (www.erudine.com/downloads/City_University_Erudine_Policy_Paper_ Final.pdf) — Our experiences with government IT have made us deeply pessimistic for the future of core government systems, and sceptical that anything positive can be achieved from this report. However, we will happily speak to your Committee.
APPENDIX
THE THEORETICAL LIMITS TO SAVINGS FROM THE CURRENT “WATERFALL” APPROACH TO IT-ENABLED GOVERNMENT SERVICE DELIVERY
(From Martin Read’s Report for HM Treasury on its Operational Efficiency Programme, Back Office Operations & IT, May 2009]. The failure of the ICT industry to deliver to the citizen means that even a 20% savings in ICT spend does not take the UK up to German and French levels of efficiency. There is no foundation for claiming that the current approaches and development models currently used will deliver significant extra value to the UK government when put in this European context. Extract from: Operational Efficiency Final Report: HM Treasury: April 2009 (http://www.bis.gov.uk/ assets/biscore/shex/files/oep_final_report_210409_pu728.pdf) 4.36 In summary, whilst it is difficult to make directly comparable estimates of international public sector IT spend, and even more difficult to assess the benefits derived from this spend, the above analysis strongly suggests that the UK public sector’s IT spend is much more than other similar countries and that the UK does not get a proportionate return from this much higher spend. This analysis is supported by recent data from Kable22 which shows public sector IT spending in the UK is 22% higher than in France and 37.5% higher than Germany. 4.37 Even if an assumption is made that the estimate of UK public sector IT spend using Gartner data is too high and the estimate of £18.4 billion is reduced by 13%, (ie bringing it in line with the OEP’s £16 billion estimate) and that estimates for the average of France and Germany’s IT spend are too low, and these estimates are increased by the same proportion (13%), the difference in spend would still be 88%. Put another way, even assuming a 13% over-estimate of UK IT spend and a 13% under-estimate of French and German IT spend, the UK still spends nearly twice as much as the average of France and Germany. Even allowing for the inaccuracies of the data collected, it is clear that significant savings should be possible. 4.38 Further support for this conclusion comes from a separate survey conducted by Kable. This shows, for example, that reducing public sector IT expenditure in the UK to the average of France and Germany would involve a 23% reduction in UK public sector IT spend. 4.39 Based on these two pieces of analysis, a 20% saving on the estimated £16 billion spend (equivalent to £3.2 billion) appears to be achievable. January 2011 Public Administration Committee: Evidence Ev 113
Written evidence submitted by Intellect 1. About Intellect 1.1 Intellect is the UK trade association for the IT, telecommunications and electronics industries, representing 770 member companies from SMEs to large multinationals, which account for approximately 10% of UK GDP. We are a not-for-profit and technology-neutral organisation. 1.2 The majority of our members supply the UK public sector. This submission draws on their collective expertise and presents the perspective of the UK technology industry.
2. Summary and Recommendations 2.1 Technology for the consumer is moving ahead at light speed. Yet UK citizens and frontline public sector staff often are forced to deal with outdated public services. 2.2 Great leaps have been made in productivity in the private sector by using technology to drive new ways of working. But the UK government has made only patchy progress towards adopting modern business practices for running its operations. 2.3 Government operates in silos, procurement is not fit-for-purpose, a risk-averse culture prevails, technology policy co-ordination and governance are ineffective, and the best people with the best skills are not made best use of. Adoption of new technology is slow, and innovative suppliers keen to enter the market encounter a host of barriers. Public services are designed around the structure of government as opposed to citizens’ needs. 2.4 However, there are also scores of examples of excellence. The Oyster card service and congestion charging in London, online driver’s license renewals and tax returns, smart phones for emergency service workers, the digital x-ray service and a host of back-office efficiency initiatives are improving services and cutting costs. The Tell Us Once initiative, which has started small and is now scaling up, is a great example of common sense. 2.5 The “age of austerity” may serve as a catalyst for radical change, or it may lead to even greater risk aversion and a retrenchment that stifles innovation. Intellect and the technology industry have worked long and hard with the UK government to achieve change, but with mixed results. However, we are encouraged by the new government’s appetite to drive reform, and are confident that longstanding problems can be solved by bringing a joined-up government together with a joined-up technology industry. 2.6 Throughout this submission we make recommendations for how things could be done differently. The following are priorities. 2.6.1 Use private sector processes as the standard by which to measure government processes. Government is indeed different, but there’s no reason we shouldn’t aim for the same standard as the private sector. 2.6.2 First, decide your business needs. Then, decide on the technology. Department heads tend to own budgets, not CIOs. Their needs drive ICT requirements and these should be co-ordinated across government. 2.6.3 Ensure accountability and leadership. There should be Ministerial sponsorship for all large programmes, ideally maintained through transitions of responsibility. Senior Responsible Owners (SROs) of appropriate seniority and experience should lead programmes of all sizes from conception through procurement and delivery. 2.6.4 Incentivise civil servants to deliver policy and financial outcomes. Civil service bonuses should be explicitly linked to delivering policy or cost reductions. Overseeing a significant technology- enabled business change programme should be a requirement for reaching the top. 2.6.5 Follow through on reforms to procurement. The Efficiency and Reform Group has taken a number of steps to take procurement reform to the next level. We are keen to see this work accelerated and initiatives implemented. 2.6.6 Suppliers have some great ideas. Listen to them. Engaging with suppliers, large and small, is key to understanding the art of the possible. Ideas that could save greater than £1 million or 5% should be reviewed with permanent secretaries or Ministers. As part of the transparency agenda, these ideas and the subsequent decisions made could be published online.
3. Responses to Specific Questions 3.1 How well is technology policy co-ordinated across Government? 3.1.1 Despite many hours of debate in CIO/CTO Councils, OGC/ERG and the Cabinet Office, there is little evidence that, even if a cross-government policy for technology exists, it has had any major positive impact. Some commonality is emerging in specific areas, such as information assurance, but government departments and agencies often resist centrally driven policy. Ev 114 Public Administration Committee: Evidence
3.1.2 If the government wishes to be regarded as a single customer by suppliers, it must behave as one. All across the public sector, departmental heads own budgets, not CIOs. Their needs drive ICT requirements and they are often not co-ordinated. Policy should therefore be co-ordinated at the business process level; co- ordination of ICT standards will follow. Does a change make the citizen’s or user’s job easier and does it reduce administration and increase service? If not, why are we doing this? These should be the questions asked. Instead suppliers are always asked about technology and price. 3.1.3 Strategic supplier engagement has been effective in the past (eg through the Strategic Supply Board) in bringing government together with the industry to find solutions to shared problems. This type of collective action is vital to the success of government.
3.2 How effective are its governance arrangements? 3.2.1 Budget holders prioritise according to their business needs and implement governance accordingly. Technology governance will be, and has been, a secondary requirement. 3.2.2 Governance is generally effective on a departmental/agency/authority basis, but not across government. Revenues and benefits systems, for example, could be very usefully standardised across local government to link with DWP’s systems. Instead, local government is still using a variety of systems at a great cost premium. 3.2.3 Monitoring and tracking of implementation leaves much to be desired—there is no standardised mechanism for proof of value or re-use, little use of benchmarking and poor attention to return on investment or total cost of ownership. 3.2.4 The Gateway and Major Projects Review processes were designed to intervene in major projects that didn’t have upfront business cases or demonstrated signs of going off the rails. Many of these reviews have become box-ticking exercises. As a consequence, projects that aren’t fit-for-purpose are not stopped or re- scoped. 3.2.5 The new government is starting to make a positive impact, with the creation of the Efficiency and Reform Group, the role of government COO, and the drive to mandate policies and consolidate solutions from the centre. It is too early to tell how the ERG will impact major project delivery but the Major Projects Review Group’s new processes are designed to intervene more directly. These may serve as effective mechanisms for central government, but the wider public sector is another matter.
3.3 Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied? 3.3.1 While some lessons have been learnt and applied, the same mistakes are repeated over and over again. In fact, the recommendations from “Getting IT Right”,8 published 11 years ago by Intellect’s predecessor, the CSSA, remain valid. We still need a single, stable source of strong leadership, a modular approach to delivery, and early engagement with a broad spectrum of the industry to highlight opportunities and challenges. 3.3.2 More work needs to be done to improve business planning, defining outcome-based requirements and managing projects. Government is not good at drawing a line under requirements, and continuous redrafting adds delay, cost and complexity. It is far better to get a base-line service in that works and build on it at a later stage. There also tends to be too much focus on quick wins, avoiding the real challenges. 3.3.3 In general projects should not be implemented with a customer vs. supplier mentality, but instead delivered in partnership. A silo approach is inefficient; a programme approach based on strategic needs would be preferable. Additionally, traditional project implementation methodologies (eg “waterfall”) are less appropriate to “the new world”, where rapid prototyping can achieve faster time to market at lower risk and cost.
3.4 How well is IT used in the design, delivery and improvement of public services? 3.4.1 Technology tends to be considered separately from business change. The traditional “design everything up front” approach to requirements specification and contract terms prevents the industry really engaging to support improved outcomes. This leads to technology being shoehorned into set practices rather than informing or shaping new ways of doing things. 3.4.2 Most government services are underpinned by ICT. DirectGov, the Pensions Advisory Service and Self Assessment online, for example, have used ICT to help provide real value. Much more is possible, however. In the future it should be possible to have one secure entry point to access the relevant information concerning individual citizens, including tax and benefit information. Online interaction between the individual and government concerning any errors, actions or updates should be possible. 3.4.3 Delivering services online will not necessarily be the best or only option, but technology generally helps to substantially improve services and cut costs. Therefore, when determining solutions to their business needs, government budget holders should operate on a “digital by default” basis and provide clear justification 8 http://www.intellectuk.org/component/option,com_docman/task,doc_download/gid,131/ Public Administration Committee: Evidence Ev 115
for running services in other, more costly ways. The corollary to this is to turn off the other “channels” once digital services are running effectively to avoid costly duplication of processes. 3.4.4 Improvements to government business processes have lagged behind those in the private sector. Government is indeed different. Nevertheless, the private sector should be used as a benchmark. Government non-executive directors should be an excellent source of information on best practice.
3.5 What role should IT play in a “post-bureaucratic age”? 3.5.1 Technology-enabled change can transform citizens’ interaction with government. Transparency of information will enable public accountability and better engagement with the democratic process. Open public data will allow developers to design services that meet the needs of citizens—the apps created around the London cycle hire scheme are a good example. The government skunkworks and technology demonstrators will be used to quickly look at how things might be done differently or better. 3.5.2 ICT is a tool to satisfy the business requirements of the day. In the past, ICT has been perceived as a “business cost”. In the post-bureaucratic age it should be a key enabler within the new government’s strategy, assisting to fix problems, but this must work hand in hand with policy and process change. A better way of looking at this question might be, “What changes in government business requirements will emerge in a post- bureaucratic age?”
3.6 What skills does Government have and what are those it must develop in order to acquire IT capability? 3.6.1 In general the government IT profession has made some good progress to develop key skills. At present there are high levels of various skills all over government. “Intelligent customer” skills can be quite good in individual departments, but not across the board. Project and change management skills are lacking. More people are needed who thoroughly understand the government’s business priorities, suppliers and contracts. 3.6.2 The challenge for government is using the most skilled people for the right jobs in the right places. Centres of competence and real technical experts are not generally recognised across government, and there is little attempt to reuse existing skills and experience. This more of a management issue, as opposed to an underlying ICT issue.
3.7 How well do current procurement policies and practices work? 3.7.1 The procurement process is lengthy and cumbersome (especially counterproductive when procuring technology due to its rapid evolution). Procurement varies widely and depends on the maturity of the government customer. Some government bodies procure very professionally and efficiently. However, government procurers often focus on following all the rules, as opposed to common sense. 3.7.2 Government customers operate in an environment that allows little ability to take risks, where there is an increasing prevalence of legal challenge, and where they are encouraged only to meet the aims of their respective departments. Proper due diligence, feasibility studies and planning are often poorly conducted at the expense of the procurement process further down the line. Requirements are based on technology specifics instead of business and performance outcomes, and these are sometimes set without engaging potential suppliers at all before going to market. There are stacks of overlapping framework agreements across government that are never used. 3.7.3 Intellect has done a huge amount of work with the government over the years to develop potential improvements, but implementation has been slow. Our top-line recommendations are the following. 3.7.3.1 Senior leadership is vital. Procurements should be led by the SRO, not procurement professionals. This should be mirrored by a senior lead on the supplier side—a Senior Responsible Industry Executive. 3.7.3.2 An elite team of government advisers that provides support across government combined with boiler plate contract terms and other paperwork will help minimise the need for external third party advisers. 3.7.3.3 SME participation can be improved by using iterative and incremental procurements to prove and pilot potential solutions before wider roll-out.
3.8 What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT? 3.8.1 This is dependent on the processes to be supported, so mature government-industry dialogue on who should own what is required. Except for very high security work, the government has no inherent need to own or control infrastructure and data assets. Government will likely wish to own or control its business critical processes; however, support systems can be run by other organisations at much lower cost. 3.8.2 Despite large-scale virtualisation in the private sector to sharply reduce operating costs, there has been little progress towards consolidating the approximately 200 data centres across government. Is there a need for government to own its data centre estate? Why not simply outsource data centre capacity progressively, starting Ev 116 Public Administration Committee: Evidence
with the least-efficient facilities? In addition, secure “public clouds” (applicable to up to 85% of government requirements) could serve as a catalyst for greater use of standard infrastructure and back office services at very competitive prices.
3.9 How will public sector IT adapt to the new “age of austerity”? 3.9.1 Austerity is already forcing some behavioural change and increasing the pace of collaboration. However, budget cuts could lead to even greater aversion to risk in the public sector and a hunkering-down mentality that stifles innovation. In fact, technology companies are reporting an overly-conservative approach appearing in many areas of government. 3.9.2 To ensure budget cuts lead to productive change, radical decisions need to be taken at the business level and civil servants need to be incentivised to take calculated risks. For example, civil service bonuses should be explicitly linked to the delivery of policy or financial outcomes, and overseeing a major technology change programme should be a necessary step for reaching the top. 3.9.3 Sweating assets will likely be a popular short-term strategy, but this is not a long-term solution. Greater agility and the ability to modernise easily and cheaply will need to be the focus. A strong centre can help by providing a core, intelligent customer function. Many technology-enabled reform initiatives with the potential to improve services and cut costs have been on the table for at least two years; these should be put into action as soon as possible. More generally, it would be beneficial for government and industry to work together to explore new financial models, taking into account companies’ focus on in-year revenue and the government’s focus on savings in-year or over the life of parliament.
3.10 How well does Government take advantage of new technological developments and external expertise? 3.10.1 Progress has lagged far behind the private sector. Cloud computing, for example, holds enormous potential to cut costs and change government’s service delivery model, but adoption has been slow. Government’s access to new technology is significantly limited by its procurement processes and the high cost for new suppliers to enter the market. In a more service-oriented world this wouldn’t matter as suppliers would develop or incorporate new technology in order to drive prices down or profits up.
3.11 How appropriate is the Government’s existing approach to information security, information assurance and privacy? 3.11.1 Security needs to be infused into government’s DNA. However, the levels of security provided need to be commensurate with the respective services. Costs to develop high security systems outweigh the need to secure certain types of information. Currently, some security criteria are applied to all levels of documentation or service irrespective of the sensitivity and nature of the material, significantly increasing complexity and cost. The government’s existing approach risks blocking its ability to take advantage of major developments that could help drive out cost and increase flexibility. 3.11.2 Recently, there have been some positive developments to how government addresses data handling and information security. Since the data losses in 2007Ð08, government and industry have focused on resolving problems in the government’s supply chain through the Information Security & Assurance Board. The board has proved a successful partnership between government and industry and could be used as a model for broader information assurance and cyber security challenges. 3.11.3 Common commercial standards of data security and privacy should apply to many areas. A better question here might be, “Who should decide the exceptions to adopting private sector data and privacy standards and what process should be used to make those decisions?”
3.12 How well does the UK compare to other countries with regard to government procurement and application of IT systems? 3.12.1 The US has similar challenges, recently finding “another 1,000 data centres” and declaring they were losing the cyber war. 3.12.2 Most European countries have far fewer government departments than the UK. Many have one Department of Finance, for instance, which would handle all responsibilities currently held by HMRC, DWP and HM Treasury in the UK. Europe also has a much larger regional government structure that is less centralised, which keeps projects smaller. This has made it much easier to procure and implement ICT systems. 3.12.3 In some areas the UK has led the way. For example, the Netherlands is adopting our Concept Viability9 approach and Australia is adopting the procurement pre-qualification tool and IT supplier code of best practice. January 2011
9 http://www.intellectuk.org/conceptviability Public Administration Committee: Evidence Ev 117
Written evidence submitted by Rt Hon Francis Maude MP, Minister for the Cabinet Office This Memorandum answers questions submitted by the Public Administration Select Committee for the Cabinet Office evidence session on 30 March 2011.
Question 1: A summary of recent Government initiatives and policies aiming at reforming how it uses IT Answer: The following represents the relevant commitments made in the Structural Reform Plan included in the Cabinet Office Business Plan. The detail is included in Annex A. 1.3 Cut the costs of existing government contracts and improve long term supplier management 1.4 Change the process for managing large projects 1.9 Integrate ICT infrastructure across central government, and improve value for money in ICT 1.10 Create new ICT procurement process 1.11 Identify ICT projects and programmes to terminate and ensure that these are decommissioned 1.12 Improve the rules around designing and running ICT projects and services 1.13 Create a new government channel strategy to increase engagement, lower costs, and improve the delivery of online services 2.3 Create a new “right to data” in conjunction with the Ministry of Justice The following table lists the announcements that have been made. Date Source of Statement Summary of statement 24 May 2010 HMG announcement As part of the Chancellor’s drive to save £6.2 billion of public spend in 2010, Government announced the formation of the Efficiency and Reform Group (ERG), whose board would be chaired by Chief Secretary to the Treasury and Minister for the Cabinet Office. With immediate effect, their priorities to ICT were a freeze on new ICT spend above £1m, a review of all large ICT projects and renegotiations with major suppliers. 30 July 2010 Cabinet Office announcement As part of the Government’s commitment to transparency, the Programme for Government (PFG) would drive forward a number of initiatives. Treasury’s COINS database of public spending has been released to the public; Government has drafted its Public Data Principles on data.gov.uk and announced the intention to publish details of all ICT contracts above £1 million in value. Government has also announced its commitment to Open Source and Open Standards, with Guidance for Procurers to be published in September 2010. 18 October 2010 Minister for the Cabinet Office Stated his intentions to leave “No stone unturned” in the push for efficiency savings, with ERG leading the drive. In addition to ERG controls which stipulate that ICT projects over £1 million must be approved centrally, a review of over 300 ICT projects has taken place, with estimated savings of £1 billion coming from their re-scoping or closure. 16 December 2010 Cabinet Office announcement Government expects to save £3 billion in one year as a result of the efficiency and reform measures implemented in 2010. Around £1 billion has been achieved so far, with £500 million coming from the moratoria on consulting, ICT and recruitment. Furthermore, details of all ICT projects over £1 million as of 31 July 2010 have been published by Cabinet Office, as have the Operational Efficiency Programme Benchmarking report for April 2009 to May 2010, which highlights the poor quality of previous government data. Ev 118 Public Administration Committee: Evidence
Date Source of Statement Summary of statement 31 January 2011 Cabinet Office announcement Announced that from 1 February 2011, Joe Harley CBE will be Government Chief Information Officer (CIO). He takes the role alongside his duties as DWP CIO and Director General. Bill McCluggage, Deputy CIO will report directly to Joe. His new role will cover the ICT agenda for data centre, network, software and asset consolidation and cloud. He will also recruit a Director of ICT Futures, who will be responsible for directing agile methods and skunkworks. 2 March 2011 Minister for the Cabinet Office and Announced new governmental-wide spend Chief Secretary to HMT controls on recruitment, consultancy, property, advertising and marketing and ICT. All new ICT spend above £5 million will now be subject to Cabinet Office approval and the newly formed Major Projects Authority will oversee all large projects. 3 March 2011 Ian Watmore Government needs to look to make more use of “agile” methodology in its implementation of IT projects. He said it needs to, where appropriate, adopt agile—which involves modular and iterative developments with heavy user involvement and feedback—along with building a “platform” for a government- wide approach to IT.
Question 2: An assessment of why the Government has found it so difficult to reform IT in the past
Looking at previous Governments policies toward IT, the documents contain similar analysis of the problems and proposed solutions. For example, the 1999 Modernising Government White Paper the Government needed to bring about: “a fundamental change in the way we use IT. We must modernise the business of government itself— achieving joined up working between different parts of government and providing new, efficient and convenient ways for citizens and businesses to communicate with government and to receive services.”[1]
This language doesn’t seem too different from what the Government is saying at the moment. This leads to the question “Why has Government found it bring about change in the way it uses IT?”
Answer:
Large organisations in both the Private and Public sector suffer delay and failure in the delivery of big projects and programmes with substantial ICT elements. Given the greater profile of the public sector failures, and the general lack of information on comparable failures within the private sector, issues with government projects and programmes seem significantly more prevalent than their private sector counterparts.
Nonetheless, there have been significant failings in government projects and programmes.
The reasons why the Government has found it difficult to reform IT in the past are: — projects tend to be too big, leading to greater risk, complexity and limiting the range of suppliers who can compete; — departments, agencies and public bodies too rarely reuse and adapt systems available off the shelf or already commissioned by another part of government, leading to wasteful duplication; — systems are too rarely interoperable; — the infrastructure is insufficiently integrated, leading to inefficiency and separation; — there is serious over-capacity, especially in data centres; — procurement timescales are far too long and costly, squeezing out all but the biggest, usually multinational, suppliers; and — there has been too little attention given at senior levels to the implementation of big ICT projects and programmes, either by senior officials or by ministers. Similarly, Senior Responsible Owners (SROs) often move on due to change in roles. Public Administration Committee: Evidence Ev 119
Question 3: How will the Government’s current approach address the problems it has faced in the past? This follows on from the previous question. Given the Government has faced these challenges before, and has not made as much progress as it would have liked, how will the current Government’s approach avoid repeating old mistakes?
Answer: Government is determined not to repeat the mistakes of the past. In order to do this Government recognises that ICT is important for the delivery of efficient, cost-effective public services that are responsive to the needs of citizens and businesses. We want government ICT to be open. Open to the people and organisations that use our services. And open to any provider regardless of size. To address the challenges listed in question 2, we have done, or will do, the following: — introduce new central controls to ensure greater consistency and integration; — take powers to remove excess capacity; — create a level playing field for open source software; — greatly streamline procurement and specify by outcomes rather than inputs; — create a presumption against projects having a lifetime value of more than £100 million; — impose compulsory open standards, starting with interoperability and security; — create a comprehensive asset register; — create a cross-public sector Applications Store; — require SROs to stay in post until an appropriate break point in project/programme life; and — encourage boards to hold ministers and senior officials to account on a regular basis for the progress of projects and programmes with substantial ICT elements. It is planned that these initiatives will be funded from within existing spending plans. They are all about spending money better, rather than spending more, and will be used as exemplars of the Government’s major projects methodology.
Question 4: What is the Government’s current policy towards; Open Source, G-cloud, and Agile Development? This may have been covered under 1, but if it hasn’t it would be useful to have the most recent policy statements on the use of these technologies. They are raised quite often in the evidence as part of the “solution” to government IT.
Answer: (a) Open Source Policy Government Open Source policy is a commitment to ensuring a level playing field for open source and proprietary software, as outlined in the Cabinet Office’s Business Plan.10 The current strategy on Open Source has three activities; namely: — educate the user; so that Government is an intelligent customer and knows how to articulate Open Source requirements; — update the procurement process; and — work with suppliers to ensure that they are offering appropriate Open Source solutions. Progress to date — Ministerial Statement—“The days of the mega IT contracts are over, we will need you to rethink the way you approach projects, making them smaller, off the shelf and open source where possible”. Francis Maude MP, Minister for the Cabinet Office, 2 December 2010. — Guidance for Procurers Document—Following the Minister’s statement the Cabinet Office completed a review of the existing procurement rules and is now working to complete Guidance for Procurers—a document aimed at educating public sector procurement professionals on best practice for evaluating open source software. This will be published by May 2011. — Assessment Model and Options Paper—As part of the Guidance for Procurers, Cabinet Office is working on a model which assesses the maturity of a number of Open Source solutions and is compiling a catalogue of acceptable Open Source alternatives to their proprietary counterparts. 10 Section ii) of action 1.12 of the Cabinet Office Business Plan 2011Ð15, published in November 2010 stated that Cabinet Office would “Evaluate existing procurement rules designed to ensure a level playing field for open source software and explore options for strengthening current practice” (completed in December 2010). Ev 120 Public Administration Committee: Evidence
— Supplier Forum—On 21 of February 2011 Cabinet Office hosted the first Open Source Supplier Forum, gathering representatives from the top ICT suppliers to Government (including IBM, CSC, Accenture, HP, Logica) to explain that Government is actively seeking out, but not mandating, Open Source-based solutions. These meetings will be held on a quarterly basis. — Open Source Implementation Group—On 21 of March 2011 Cabinet Office will be hosting its first Open Source Implementation Group, gathering departmental representatives to discuss where there have been successes and challenges with deploying Open Source across government. The outcomes will focus on building profiles of suitable Open Source options for government, troubleshooting and investigating opportunities for sharing capability on Open Source platforms. — Advisory Panel—In February 2011 Cabinet Office announced the creation of an Open Source Advisory Panel—a group of industry professionals who will provide ad hoc advice and support to procurement and technical officials on Open Source. The panel will also be available to offer technical advise around open source solutions to System Integrators.
(b) Agile Development Policy Government is working to put the principles and structures in place to enable agile ICT delivery. The emphasis is on interoperability based on open standards, open data and increasingly mobile ICT platforms. Improved procurement processes will reduce costs to create a fairer and level playing field for ICT suppliers. In addition, where Government needs to commission a new ICT service or solution, it will look to apply lean and agile methodologies to reduce waste and risk of project failure. Government’s approach to Agile Development is for: — Diverse Range of Suppliers—A diverse range of service providers will enable rapid deployment of technologies to front line services. More agile and more open procurement rules will make the market more accessible to SMEs. The modularisation of larger ICT contracts will allow for multiple suppliers delivering on larger pieces of work, which in turn gives a more varied input into the project design, as per agile principles. — Open Standards—Open standards will enable interoperability across both government systems and data, allowing for quicker and more agile interactions between various components. — Digital by Default—Government is committed to making public services digital by default, delivered by Direct Gov. The drive is towards online personalised services, which are trusted and flexible. Section 1.13 ii) of the Cabinet Office Business Plan states a commitment to “Mandate channel shift in selected government services”. — Open development—To be achieved via open data and encourage businesses and citizens to innovate new digital services and solutions. As per the Government’s transparency agenda, opening up analytics and information will help people to make informed choices. Progress to date — Creation of Skunkworks—Lead by Mark O’Neill (CIO of DCLG), the Skunkworks team has been created with the intention of assessing and developing faster and cheaper ways of using ICT in government. — Opening the market—The PPN 05/11 of February 2011 listed a package of measures to open up the market to SMEs (however, this is not specific to ICT SMEs), including streamlining procurement and engaging with suppliers. Measures taken so far include: — The appointment of a Crown Commercial Representative (Stephen Allott) to lead on strategic engagement with SMES; and — The launch of the Contract Finders website. Furthermore, the PPN states that: — departments will be required to adopt greater outcome-based specifications as much as possible and not to over specify. For our most significant projects in government the Major Projects Authority in the Cabinet Office will systematically assess whether the specification has been gold plated and whether it is sufficiently based on outcomes. We will also seek to break requirements up into “micro lots” where possible. (PPN Information Note 05/11 February 2011); and — findings of the “Lean” Review of the procurement process and announcement of pathfinder projects which will use the Lean approach to conduct their procurement much faster than current norms (PPN, 6d—Package of Measures). — Transparency—The details of ICT projects over £1 million were published last year. By making this information available to the public, there is greater opportunity for interested parties to contribute to Agile development. Public Administration Committee: Evidence Ev 121
— Open Standards—Government issued PPN 03/11 in January 2011—“Use of Open Standards when specifying ICT requirements” which stated that, “Government departments should ensure that they include open standards in their ICT procurement specifications unless there are clear business reasons why this is inappropriate”.
G- Cloud Policy Cloud computing is the new technology approach that moves organisations away from separately procuring their individual dedicated infrastructure to one where they can consume ICT Infrastructure and Services as a utility. The growth of this “Cloud” approach allows organisations to be able to respond to rapid change and growth whilst also reducing operating costs and the need for significant upfront capital expenditure. Public sector ICT will start to utilise the broad range of services becoming available from the Cloud. Cloud services that conform to Government Standards for security, service and availability, will become “G-Cloud Certified” and will be advertised on the Applications Store for Government. G-Cloud Certification will represent, trusted, secure and resilient services from shared common platforms allowing departments to gain significant economies of scale and allow operation at the best cost efficiency. The G-Cloud will be focussed upon applications and services operating at IL3 or below, representing approximately 85% of all public sector applications. Applications operating at security level of IL3 will be maintained within the boundary of the Government Network (PSN), in a secure Private Cloud. Applications operating at security levels of IL2 or below will be targeted for G-Cloud Certified Public Cloud. The outcome will be that wherever appropriate, all public sector organisations embrace the “cloud” approach to the delivery of ICT as the default, taking advantage of the enormous scale of economies available through the public cloud, where possible and consuming more sensitive applications from a secure platform shared by the whole of government. Progress to date The G-Cloud strategy was developed during 2009Ð10 by a team comprised jointly of representatives of public sector organisations and the ICT industry. — Phase 1 was focussed on the opportunities presented by Data Centre Consolidation (DCC) and report that significant cost savings and efficiencies could be gained by the consolidation of a significant proportion of the Government Data Centre Estate. — Phase 2 focussed more broadly across DCC and the additional opportunities represented by the Cloud approach to ICT. Phase 2 produced nine major reports, now published setting out the Vision, and baseline position across all areas impacted by the G-Cloud Programme. — The Phase 2 Vision sets out how the public sector will realise the benefits of the “cloud” approach to ICT through three inter-related initiatives: — The Government Cloud (G-Cloud) certification will provide a trusted, secure and resilient shared environment through which public sector bodies can resource ICT service at greater speed and lower cost, both within the Government’s Network and also externally in the “Public” Cloud. — The Application Store for Government (ASG) will be a marketplace to review, compare and select online G-Cloud certified business applications. — The Data Centre Strategy will significantly reduce the number of data centres used by central Government to host ICT services bringing substantial savings in cost and energy consumption. Establishing the G-Cloud, ASG and implementing Data Centre Consolidation will involve change in the way that ICT is procured and supplied, which will in turn require new ways of working in both ICT suppliers and public sector organisations.
Question 5: What steps is the Government taking to increase the number of SMEs involved in delivering Government IT Project? I’m aware that the Government has dropped the quota of 25% SMEs, possibly partial due to EU Procurement rules. However, it would be useful to hear what steps the Government will take to encourage SME to bid for Government contracts. Many organisations and businesses that submitted written evidence to the Committee complained about the current procurement system making it difficult to SMEs to bid, so any comments you have on this would be helpful.
Answer: Government has issued two Procurement Policy Notices (PPN) about increasing the number of SMEs involved in government contracts: — 10 November 2010: PPN 19/10—“Package of announcements to support Small Businesses”. Ev 122 Public Administration Committee: Evidence
— 5 February 2011: PPN 05/11: “Further measures to promote Small Business procurement”. These PPNs covered: — The Contracts Finder website—allowing all businesses to view details of live contract opportunities, closed tender documentation, contract awards and contract documents; — Streamlining the procurement process, by: — encouraging departments not to over-specify by adopting greater use of outcome based specifications (Major Projects Authority to assess larger projects); — introducing the Lean approach on pathfinder projects; — only requiring Pre-Qualification Questionnaire (PPQ) data to be submitted once; and — removing the requirement for the completion of a PQQ for contracts under ~£100 million. — Improving strategic relationships between SMEs and Government, by: — introducing a Crown Commercial Representative to deal specifically with the dialogue between the two groups. Stephen Allott has since taken on this role; — launch of SME product surgeries; — interchange programme to get more secondees from business into procurement teams; and — launching an extended Supplier Feedback Service.
Question 6: How does the Government integrate IT into the policy development process? This is possibly the most difficult question to express, but the intention of this question is to follow up on thoughts contained in the evidence about the stage in the policy process at which IT is considered? Is it an add on at the end or integrated from the start? Is the Government making any attempts ensuring that IT considerations are brought in earlier?
Answer: Government recognises that its organisations have faced the challenge of keeping track of the fast changing landscape of policy and subsequent IT design and implementation. The ownership of the government ICT policy rests with The Cabinet Office and, since May 2010, the Efficiency and Reform Group. Therefore there are a number of Efficiency and Reform Group initiatives that contribute towards the objective of ensuring that government integrate IT into the policy development process. These include: — Strengthening governance by the formation of PEX (Efficiency and Reform) Cabinet Committee to provide increased Ministerial accountability and scrutiny and to ensure technology considerations are factored earlier in the process of formulating policy. — Spending controls and the creation of Major Projects Athority (MPA) to ensure that projects are both aware and aligned with policy. — Improving Governments’ capability to exploit the benefits of new technologies by establishing new approaches—ensuring that informed decisions are being made at an early stage. Government will systematically scan the technology horizon to identify changes in technology and assess its opportunities and risks. — The appointment of a Director of ICT Futures to take responsibility for improving the Government’s capability to meet the challenge of fast moving technology and to drive change in the way Government adopts a more rapid and open ICT development approach. March 2011
Annex A CABINET OFFICE—STRUCTURAL REFORM PLAN 1.3 Cut the Costs of Existing Government Contracts and Improve Long Term Supplier Management (i) Identify list of contracts to be renegotiated and develop market intelligence (including unit pricing, supplier landscape and industry benchmarking). (ii) Realise the savings during central renegotiation of government contracts. (iii) Build capability to support large departmental supplier negotiations, particularly for outsourcings and ICT. (iv) Introduce centrally co-ordinated supplier management. Public Administration Committee: Evidence Ev 123
1.4 Change the Process for Managing Large Projects (i) Review all government funded major projects judged to be at risk, in order to maximise savings through stopping or re-scoping projects. (ii) Establish the Efficiency and Reform Group (ERG) as the central authority for the Governments major projects. (iii) Implement a new mandated integrated assurance and reporting regime for all major projects, including a system for working with all government departments. (iv) Publish first annual report on government funded major projects.
1.9 Integrate ICT Infrastructure Across Central Government, and Improve Value for Money in ICT (i) Increase the Chief Information Officer’s power to integrate ICT across government. (ii) Draft ICT infrastructure strategy, including government cloud computing strategy. (iii) Begin regular publication of performance details of all ICT projects above £1 million. (iv) Complete the first version of a cross-departmental asset register.
1.10 Create New ICT Procurement Process (i) Introduce moratorium so that no new ICT contract is signed without ERG approval. (ii) Agree with HMT conditions under which a project is released from moratorium. (iii) Identify cross-department pipeline of upcoming or ongoing tenders and negotiations through the moratorium and project review. (iv) Publish report outlining a new approach to ICT procurement enabling greater use of small and medium sized enterprises (SMEs), a much shorter timescale and lower costs to all parties. (v) Begin publication of status report on use of SMEs in procurement.
1.11 Identify ICT Projects and Programmes to Terminate and Ensure that these are Decommissioned (i) Identify first tranche of projects and programmes to terminate through the major project review and the review of internal ICT projects. (ii) Agree which of first tranche of projects and programmes should be terminated or re-scoped and begin decommissioning. (iii) Develop process for ongoing review of future projects. (iv) Begin publication of regular status report on identified projects and programmes verifying decommissioning.
1.12 Improve the Rules Around Designing and Running ICT Projects and Services (i) Publish guidance on the presumption that ICT projects should not exceed £100m in total value and the aspiration to reduce the scale of large ICT projects. (ii) Evaluate existing procurement rules designed to ensure a level playing field for open source software and explore options for strengthening current practice. (iii) Establish draft government open standards (including those relating to security) and crowd-source for feedback. (iv) Establish IT skunk works to assess and develop faster and cheaper ways of using ICT in government. (v) Announce new open standards and procurement rules for ICT, including right for skunk works to be involved prior to launch of procurement.
1.13 Create a New Government Channel Strategy to Increase Engagement, Lower Costs, and Improve the Delivery of Online Services (i) Carry out review of overall digital engagement strategy, including future role of Directgov. (ii) Mandate “channel shift” (move online) in selected government services. (iii) Review websites for decommissioning, working with relevant departments. Ev 124 Public Administration Committee: Evidence
(iv) Begin to implement new digital engagement strategy, including channel shift and website decommissioning.
2.3 Create a New “Right to Data” in Conjunction with the Ministry of Justice (i) Work with the Transparency Board to set requirements for departments to publish data in an open and standardised format, so that it can be used easily and with minimal cost by third parties. (ii) Require central government departments and arms length bodies to commit to implementing a “right to data” in their information strategies, giving the public access to datasets they request. (iii) Amend Freedom of Information guidance to extend “right to data” to public services. (iv) Introduce legislative amendments to Freedom of Information Act to strengthen “right to data”.
Written evidence submitted by London School of Economics and Political Science Identity Project Executive Summary 1. The proposed National Identity Scheme would have been one of the largest technology innovations by UK government in recent years. It took place in the full glare of public and parliamentary scrutiny, much of it critical of the proposals. With IT playing a key role in the proposals it would be reasonable to expect that Scheme to be an exemplar of effective government IT. The Scheme would be able to draw on recommendations from academia and industry, the oversight and guidance provided by the National Audit Office (NAO) and the Office of Government Commerce (OGC) and the experience of its specialist consultants. 2. As this submission shows, however, this proved not to be the case. The case of the National Identity Scheme therefore provides evidence for key questions in the inquiry: How well is technology policy co- ordinated across Government? Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learned and applied? How appropriate is the Government’s existing approach to information security, information assurance and privacy? 3. Although it was frequently claimed that the lessons from previous IT failures had been learned (see Paragraphs 9 to 12), between 2003 and 2009 various reports on the progress of the Scheme repeatedly warned about the dangers of not clearly specifying the scope and focus of the Scheme (Paragraphs 13 to 18). This suggests that this basic lesson had not been learned or was being ignored for other reasons. 4. The Scheme was intended to be a core element of the government’s “Safeguarding identity” strategy that would form the basis for identity assurance across government. Online authentication (or “remote access to public services”) is clearly a key element of this strategy yet this aspect was never (publicly) specified (Paragraphs 19 to 20). This raises concerns about the effectiveness of cross-government delivery of key technology projects. 5. The National Identity Register (“the Register”) was intended to hold significant amounts of personal data that needed to be managed securely. The IPS spent over 30 months working on its plan to implement the biographical element of the Register on the Department of Work and Pensions Customer Information Systems before finally deciding that an alternative solution would be more appropriate. Ignoring the cost of this work and the likely consequent delays in provisioning a suitable replacement system, this raises questions about existing capabilities for assessing and managing data securely (Paragraphs 21 to 30).
The LSE Identity Project 6. The LSE Identity Project11 ran from January 2005 until the Identity Documents Bill became law on 21 December 2010. During this period the research team has closely followed the development of the proposed National Identity Scheme (“The Scheme”)12 and have produced a number of scholarly publications and one research monograph based on their work.13 7. Chapter 15 of the Main LSE report,14 issued in June 2005, focussed on the IT environment in the UK, noting that the UK is a world leader in government IT projects and has “a rich experience in outsourcing projects, development projects, and the implementation of new systems. These projects and systems have not always achieved their stated goals”.15 The chapter noted the role of OGC Gateway Reviews in government IT projects and reviewed common project challenges. For example, following a problematic Home Office project that was intended to improve the handling of immigration, asylum and citizenship cases in 1999 the 11 The LSE Identity Project archive is available at http://identityproject.lse.ac.uk/default.htm. The LSE’s work on identity policies more broadly can be found at http://identitypolicy.lse.ac.uk/ 12 By May 2009, the National Identity Scheme was being rebadged as the National Identity Service. It will be referred to as the Scheme throughout this submission. 13 For example, Whitley E A and Hosein G (2010). Global challenges for identity policies. Palgrave Macmillan, Basingstoke and Whitley EA and Hosein G (2010) Global Identity Policies and Technology: Do we Understand the Question? Global Policy 1(2), 209Ð215. 14 LSE Identity Project (2005) Main Report (27 June) Archived at http://identityproject.lse.ac.uk/identityreport.pdf 15 Page 201 Public Administration Committee: Evidence Ev 125
National Audit Office (NAO) called on departments to consider whether a project might be “too ambitious” and to agree details early in the process.16 8. Chapter 15 of the Main LSE report ended by stating: The legislative uncertainty and the constantly shifting goals give the UK one of the least admirable track records on large-scale IT projects. The infrastructure for the identity card, as envisioned by the Bill, is arguably one of the largest IT projects in the world. A database that will in time contain over 60 million records holding a vast amount of information, with on-line access, an advanced security model, and with hundreds of thousands of users, is not only difficult to design and implement, but will most likely be costly (p. 224).
Lessons have been learned 9. Given the high profile nature of the Scheme, the concerns raised at the Home Affairs Select Committee’s inquiry before the Bill was introduced,17 the critique provided by the LSE Identity Project and problems with Government data handling (most notably the HMRC child benefit data breach), it would be reasonable to expect that lessons about successful IT projects including the need for clear scope and a well designed architecture had been embedded in the Scheme. Similarly, one would expect that given the sensitive nature of the data held on the Register, information assurance concerns would have been uppermost throughout the Scheme. Unfortunately, as the evidence in this submission will show, this was not the case. This raises the prospect that if government IT projects in the full media glare continue to face these problems what can be expected of projects that do not have such visibility and associated scrutiny. 10. Throughout the Parliamentary passage of the Identity Cards Bill, Government ministers reassured Parliament that the lessons of previous IT failures had been learned. For example, speaking in October 2005, Baroness Scotland told the House of Lords: Many concerns have been expressed about the technical viability of the prescribed scheme. We recognise that there are challenges. Projects such as this will always face such challenges and opinions in the field of technology will differ. However, the body of representations within industry, existing project experience and research by established experts in the field of biometrics and database technology indicate that we are right to proceed with our plans at this stage. As with all major government projects, the technology behind the identity card scheme will ultimately come from the industry, and key sections of the industry are telling us that the technology can work [31 October 2005 : Column 111]. 11. Such statements were consistent with the guidance provided by the initial OGC gateway reviews of the project: The implementation risks must be minimised through the optimum use of existing capabilities, skills and expertise18 and The Identity Cards programme has been assessed by the Department against the NAO/OGC list of common causes of failure. We have examined this assessment and support its conclusions although recognising that some of the common causes on the NAO/OGC list relate to activities that will be undertaken during later stages of the programme.19 12. The Strategic Action Plan issued in December 2006 made similar claims, noting that the government was taking “an incremental and pragmatic approach. We will keep risks and costs down, by using existing Government investment and delivering incrementally, based on extensive piloting and trialling”.20
Scope and Focus 13. The OGC reviews highlighted the need for the Scheme to have clear scope and focus: The scope and objectives of an Entitlement Card scheme must be precisely defined at a very early stage and all opportunities and desires to change or grow these requirements must be resisted.21 14. In 2006 The House of Commons Science and Technology Select Committee undertook an inquiry into the Governments use of scientific advice and used the Identity Cards Scheme as one of its case studies.22 In their final report, the Committee noted that the emphasis “placed on different aspirations has varied throughout the life of the scheme and this changing focus has resulted in a lack of clarity regarding the likely technology requirements”23 and that it is “unsatisfactory that the boundaries of the scheme still seem not to have been set. We have the impression that the Government still does not know precisely what it wants from the identity 16 “The Home Office: The Immigration and Nationality Directorate’s Casework Programme”, National Audit Office Press Notice, HC277, 24 March 1999 17 HAC 2004. For full details of frequently cited sources, see reference list at end of document. 18 OGC 2003 Page 4 of PDF 19 OGC 2004 Page 6. 20 SAP 2006 Page 2 21 OGC 2003 Page 4 of PDF 22 ST 2006 23 ST 2006 ¤37 Ev 126 Public Administration Committee: Evidence
card scheme”24. As a result the Commitee urged “the Home Office to finalise the scope of the scheme and the technical standards needed for interoperability as soon as possible”25 and hoped that “the situation will stabilise now that the Bill has received Royal Assent”.26 15. The Independent Scheme Assurance Panel (ISAP) was formed so that the Scheme would “have an experienced group of outsiders to take a dispassionate view of the work of the Scheme’s delivery Programme”.27 16. In its Annual Report 2007, ISAP noted: The Programme’s priorities now need to be finalised and approvals gained if the project is to deliver in its published timeframe. Specifically: — The flexibility demanded of the Programme is useful but does not excuse the Programme from the need to adequately detail the requirements for ICT systems, processes and operations. — The Panel advised that delivery priorities would be clearer if backed up by a simple statement of the rationale for each of the Scheme’s key design decisions.28 17. However, in their 2009 Annual Report, ISAP was still reporting concerns about the lack of clarity (under the heading “Resist changes in requirements, give priority to benefits or simplification”): There have been a significant number of requests for change (RfCs) in system requirements since supply contracts were awarded. Changing requirements increases risk, cost, timescale, or usually all three. It is essential that the RfCs be rigorously challenged to protect and ensure delivery of the core requirements. The evaluation criteria for additional functions or changes should give priority to: benefit realisation; complexity reduction; and cost reduction. Emphasis should be given to simplicity and ease of execution. The Programme should pre-empt the complexity of multi—use that is to follow by keeping the core function as simple and straightforward as possible.29 18. Similar concerns have been raised throughout the life of the programme in terms of the technical architecture for the Scheme. For example, the 2003 OGC review noted that poor system architecture “could severely reduce benefits from the scheme and increase cost”30 with the 2004 OGC review stating that it will “be essential to identify the preferred solutions to each of the main technical issues by the start of the procurement phase”.31 The Science and Technology Select Committee recommended that “the Home Office issues a clear timetable for the publication of the technical specifications and defines procurement processes and stages”.32 ISAP in 2007 noted that the challenge “of integrating systems and operations requires an architectural and organisational response. The Panel suggest the Programme should verify that it has the capability to manage integration and that the complexity of integrating increasingly interdependent systems across Government is considered. This needs to cover integration during the development phase and ongoing operational integration”.33 In 2008 ISAP noted “Seamless integration will be an implementation challenge and definition of certain consistent standards will help. Resources and attention are needed on this”.34 They also reported that “Descriptions in the architecture document have been ‘frozen’ to ensure consistency in the procurement dialogue”.35 In their 2009 report, however, noted that “different suppliers use different development methodologies (‘waterfall’ and ‘iterative’ for example). At whole-programme level there will be incremental releases as components are delivered, tested and reviewed in turn. The different approaches increase complexity and hence challenge the ability of the Programme to deliver the whole. Management of releases or iterations will be a heavy burden with these mixed methodologies”.36 19. An illustration of this lack of clarity with regards the capabilities to be offered by the Scheme can be seen with regard to the potential functionality to allow for remote authentication. The Regulatory Impact Assessment for the first version of the Identity Cards Bill talked of the “cost of providing an on-line verification service which can validate ID cards and other identity enquiries for user organisations. Continuing discussions with user organisations and work on reducing the delivery risks have led to a design decision that on-line checks provide an optimum combination of simplicity, reliability and auditability. However this does mean that the central IT infrastructure will require more capacity and will need to be more resilient than the current passport IT infrastructure or that envisaged in the 2004 UKPS corporate plan”.37 Similarly, the Science and Technology Select Committee recommended that “In order to clarify when and how the card might be used, we recommend that the Home Office releases more information regarding what personal data will be revealed 24 ST 2006 ¤39 25 ST 2006 ¤42 26 ST 2006 ¤37 27 ISAP 2007 Page 2 of PDF 28 ISAP 2007 ¤3.4 29 ISAP 2009 ¤5.5, 5.6 30 OGC 2003 Page 11 of PDF 31 OGC 2004 Page 5 32 ST 2006 ¤46 33 ISAP 2007 ¤3.2 34 ISAP 2008 ¤2.2 35 ISAP 2008 ¤2.4 36 ISAP 2009 ¤5.8 37 RIA 2004 ¤18 (iii) Public Administration Committee: Evidence Ev 127
in different scenarios, including in an online context. Until this information is released, it is difficult to ascertain the true scope of the scheme and to fully understand how technology will be used within the scheme”.38 20. This concern about online functionality was repeated by ISAP in its 2008 report “A usage proposition that appeals to citizens and organisations needing to verify identity should be laid out in detail, both to inform functional requirements and to drive benefits realisation. The possible ‘e’ functions to be included are an example. The specification of identity verification services is a particular need”.39 This concern was reiterated in its 2009 report: “The functionality for verification against NIR records in remote or non-face-to-face situations is a known need that is not yet specified. Definition of verification service requirements needs a high priority to inform systems design now”.40
Security, Assurance and the National Identity Register 21. The assurance of the data held on the National Identity Register was always a key element underlying public confidence in the Scheme. This became even more significant following the HMRC Child Benefit Data Breach but was also flagged by ISAP. For example, in 2008 it noted: “The governance, safe storage, controls, means of and limits on the use, of Scheme data must be clear, and this clarity must be effectively communicated. The specification of data standards and these protections in practice should be further developed”.41 The 2009 ISAP report underlines the reasons for this: “Trust in the NIS is fundamental to its attractiveness. Fear of misuse of information about an individual or concerns about personal liberty threaten this. Trust requires: the record to be true; the data to be under control at all times; and the citizen to have power over its use and protections against its misuse with mechanisms for correction of errors”.42 “The NIS must have robust data governance and operational management controls from the outset that must be institutionalised and policed to the satisfaction of the Identity Commissioner in order to provide the first two of these trust requirements. All users and all data access arrangements must adhere to these governance controls”.43 22. In this context, the decision to use and then not use the Department of Work and Pensions Customer Information System (CIS) as the National Identity Register is particularly perplexing. 23. The initial proposals had always been for the Register to be hosted in a brand new, purpose built data centre. As Nigel Seed informed the Science and Technology Select Committee: Security is not going to be an add-on, it is being done now. We have not even gone out with our requirements. The security team is embedded within my procurement team; they are fully engaged. They are on my back all the time, as they should be. The people who are going to do the accreditation are having meetings with our people all the times, looking at our requirements as they develop and then inputting to those requirements. The security of the data centre itself is down to even very basic things like making sure it is not on or near a floodplain. We are looking at all that sort of stuff, right the way from very basic level access and flooding and losing it that way right the way through to hacking.44 24. However, when John Reid became Home Secretary in May 2006 and declared the Department “not fit for purpose”, various programmes within the Home Office were reviewed including the Identity Cards Scheme. This resulted in a new, Strategic Action Plan, released in December 2006 on the last day before the Christmas Parliamentary Recess. This proposed a redesign of the Scheme, for example by dropping the mandatory use of iris biometrics and reusing three existing government databases rather than designing a new National Identity Register from scratch: “for NIR biographical information, we plan to use DWP’s Customer Information System (CIS) technology, subject to the successful completion of technical feasibility work”.45 25. ISAP in its 2007 report expressed concern that reuse of the CIS “may bring integration complexity”.46 As the plans to use the CIS developed, in 2008 ISAP noted “The immediate issue is one of costs and priorities— there must be a means of determining priorities if there is competition between DWP and IPS for development resources. In the longer term CIS could become a bottleneck for the introduction of new services. To minimise this risk the core scope and content of CIS should be strictly confined to the attributes of common interest to all users and the development schedule covered by strict service level agreements. The Scheme should review the relative cost and complexity of these re-use or re-build options”.47 26. In its 2008 Delivery Plan (itself a significant variation of the previous Strategic Action Plan), the IPS reaffirmed the ongoing work to use the CIS, noting that “The Department for Work and Pensions (DWP), is also treated as a delivery partner because their Customer Information System (CIS) forms part of the technical solution for the NIR”48 and the ISAP 2009 report strongly supported “the decision that the NIS should use 38 ST 2006 ¤47 39 ISAP 2008 ¤2.2 (1) 40 ISAP 2009 ¤2.6 41 ISAP 2008 ¤2.2 (3) 42 ISAP 2009 ¤2.7 43 ISAP 2009 ¤2.8 44 Q344 45 SAP ¤15 46 ISAP 2007 ¤3 47 ISAP 2008 ¤2.5 48 DP 2008 ¤53 Ev 128 Public Administration Committee: Evidence
the DWP’s CIS biographic database”.49 This is despite the fact that, in 2008, the NAO reported that “The Customer Information System has not yet received full data security accreditation under the new Cabinet Office rules for personal data”.50 27. On 18 March 2010, the Identity and Passport Service announced that it had selected a “revised option for delivering the biographic store which will form a key asset in the National Identity Register”.51 The decision was to “enhance the database that is already being implemented as part of the replacement for the UK Border Agency’s Identity and Asylum Fingerprint System, rather than utilising the Department of Work and Pensions’ Customer Information System”.52 28. Whilst such a significant technological shift might be justified in terms of it providing the most effective response to the previously expressed concerns about information assurance, documents obtained under the Freedom of Information Act by the journalist Mark Ballard53 indicate more fundamental problems in the decision making process about the use of the CIS. The documents note that as of 6 December 2006 the ongoing feasibility study “had not discovered any issues that would prevent this use of CIS”.54 Indeed, the summary (dated 16 February 2007) notes that “The work completed to date by our teams has proved valuable in demonstrating that there are no apparent showstoppers, but there is clearly a way to go before all parties have a full understanding and everything is in place to facilitate success”.55 29. In terms of a timeline, the review initiated by John Reid sometime after May 2006 proposed the use of CIS. By 6 December 2006 there was sufficient confidence in the use of the CIS that it could be explicitly cited as the likely route for the biographical element of the Register in the Strategic Action Plan issued on 19 December 2006. On 16 February 2007 there were not believed to be any “showstopper” problems with using the CIS, and the 2008 Delivery Plan and 2009 ISAP annual report both suggest that the use of CIS was still the preferred technological solution. The s37 cost report issued on 26 October 2009 also gives no indication of any change in projected costs that would arise from a proposed major change in the technological infrastructure of the Register. Therefore, the decision to not use the CIS had to be taken sometime between 26 October 2009 and 18 March 2010. Thus between February 2007 and October 2009 (at least) the use of the CIS was the preferred technological option for the biographical element of the Register. It is unclear how much money was spent on the development work associated with the plans to use the CIS during this period. 30. In addition, it has been disclosed that some of the front office systems for enrolling individuals onto the Register “have on occasion incorrectly retained data” despite being designed “for data to be retained centrally with no information retained locally”.56
A Note on Sources Used 31. Many details about the National Identity Scheme have not been made available publicly. For example, the OGC reports cited in this report, were only released after a lengthy legal challenge to the original FOIA request in March 2009.57 This submission therefore draws on publicly available sources. Most of these documents would have been written with an expectation that they would be released to the public. They are therefore likely to err on the side of understating potential problems. However, given the important role of parliamentary oversight of government IT projects, they are also likely to be the main documents that any decision making by parliamentarians would be based upon. February 2011
49 ISAP 2009 ¤3.9 50 NAO 2008 ¤4.13 51 IPS 2010 52 IPS 2010 53 http://www.computerweekly.com/blogs/public-sector/2011/02/use-of-the-customer-informatio.html 54 CW 2011 55 CW 2011 56 CWIC 2010 57 http://www.ogc.gov.uk/freedom_of_information_disclosures_gateway_reviews_of_home_office_id_cards_programme__ updated_19th_march_2009.asp Public Administration Committee: Evidence Ev 129 ational-identity- ips_live/hs.xsl/1618.htm?advanced=& live/assets/documents/ISAP_2008_ ps/live/assets/documents/Strategic-Action- %20DWP%20Restricted%20Policy%20-%2016%20February%202007.pdf category=&search_query=&search_scope=&search_group=&varChunk= risk and evidence Documents Cited in the Submission CW2011 Computer WeeklyCWIC CWIC-NIR Destruction and2010 Equipment Decommissioning DP2008 Delivery Plan 2008HAC Identity Cards:2004 http://www.parliament.uk/deposits/depositedpapers/2010/DEP2010Ð1918.zip Fourth report 2003Ð04 ofIPS session2010 Identity and Passport Service AnnouncementISAP Independent Scheme2007 http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/130/130.pdf Assurance http://www.computerweekly.com/blogs/public-sector/2011/02/01/ http://collections.europarchive.org/tna/20100429164701/http://ips.gov.uk/cps/rde/xchg/ Panel Annual ReportISAP 2007 Independent Scheme2008 Assurance Panel Annual ReportISAP 2008 Independent Scheme2009 Assurance http://collections.europarchive.org/tna/20100429164701/http://ips.gov.uk/cps/files/ips/ Panel Annual ReportNAO 2009 http://collections.europarchive.org/tna/20100429164701/http://ips.gov.uk/cps/files/ips/live/assets/documents/n Department for2008 Work http://ips.gov.uk/cps/files/ips/live/assets/documents/ISAP_Report_2009_Final.pdf and Pensions: Technology Information Programmes OGC Use%20of%20the%20Customer%20Information%20System%20as%20a%20shared%2C%20cross-Government%20asset%20- Identity http://www.nao.org.uk/publications/0708/dwp_it_programmes.aspx Cards2003 OGC Gateway Strategic review:OGC Assessment 0— Identity Cards2004 OGC Gateway Strategic review:SAP Assessment 0— Strategic2006 http://www.ogc.gov.uk/documents/Home_Office_ID_Cards_Programe_Gate_0_Report_June_2003.pdf Action scheme-delivery-2008.pdf Plan Scheme: forST Safe the guarding National your Identity identity2006 http://www.ogc.gov.uk/documents/Home_Office_ID_Cards_Programme_Gate_0_Report_January_2004.pdf Science Identity and Card Technology http://collections.europarchive.org/tna/20100429164701/http://ips.gov.uk/cps/files/i Select Technologies: Scientific Committee: advice, searchoperator=&searchmodifier=&verb=&search_date_from=&search_date_to=&stage=&search_event_subject=&search_ Report_v1.pdf http://www.publications.parliament.uk/pa/cm200506/cmselect/cmsctech/1032/1032.pdf Plan.pdf Ev 130 Public Administration Committee: Evidence
Written evidence submitted by Open Rights Group ORG’s response concentrates on these four questions: — How well is IT used in the design, delivery and improvement of public services? — What role should IT play in a “post-bureaucratic age”? — What skills does Government have and what are those it must develop in order to acquire IT capability? — How appropriate is the Government’s existing approach to information security, information assurance and privacy?
How well is IT used in the design, delivery and improvement of public services? ORG would like to make some general points relating to government and IT. Firstly, viewing IT as a standalone area for policy is a bad idea. A lot of modern work on systems practice shows such an approach leads to problems. ORG’s seminar project—the “Database State Seminars”58—involved practitioners across government IT projects. Although the starting point for our involvement was that several projects were potentially in breach of fundamental privacy rights, and others had substantial privacy risks relating to scale, access or data management, a constant theme of the participants was that IT was not being used in a coherent way to deliver the services and results that was expected. In health, for instance, participants observed: A … concern is Government at all levels’ tendency to make arbitrary decisions. Researchers and advisors are simply unable to provide constructive solutions if problems are deemed politically infeasible. If their managers, particularly those popularly elected, are decided on a course of action there is a preference to tinker at the edges … This conservatism is evident in official responses to the broadly constructive comments made as part of Government-commissioned studies of health systems. Evidence-based concerns identified by information security researchers are typically ignored if they do not fit the political view of a project’s development. Another explanation for this failing is that competing interests—healthcare professionals, suppliers, civil servants and patient groups—forces projects in too many directions. Without appropriate coordination, these divergent interests encourage money-wasting stasis rather than clear decision-making.59 Similarly, the Children and personal data seminar participants concluded: The basic concern then is that these systems do not however actually lead to better outcomes. In practice they encourage carers to defer responsibility to the technology and colleagues. In the US, studies tentatively suggest the systems’ main use is to allow carers to shift the blame for their failings. … What is clear is that [systems such as ContactPoint] reduce the amount of face-to-face time that carers actually spend with vulnerable children. The systems mandate an over-reliance on data entry and pooling, which means time with a machine rather than care recipients. The emphasis should instead be on quality, timely interventions. Ensuring the right information is available to the right people is one fact that enables such interventions, but these computer systems are only one tool of the trade and not a total solution. In most cases, gathering the data is useless, because most children will not require an intervention. Whereas those most at risk may not exhibit any clear indicators that serve to show which low level problems will escalate into the most serious matters. It is in these cases that carers should be speaking to the children, their families and teachers to get a sense of what they can do to help. The data that is stored is largely subjective, relying on individual conceptions of appropriate or inappropriate behaviour. The impression we are left with is that in both health and child care, databases have been built to answer a problem, rather than as part of a coherent system. We conclude that:
1. IT is not a Stand-alone Policy Area You don’t want a policy on shovels when your actual problem is gardening—you need a policy on gardening. Therefore, the question isn’t how to use IT the question is “How do we manage problem this problem, and does IT fit into this case.” Recommendation 1: the review considers ways to and learn from modern systems practice and allow government systems to focus on the needs of whole systems. 58 http://www.openrightsgroup.org/dbs/ 59 See Database State Seminar report, attached as appendix (not printed) Public Administration Committee: Evidence Ev 131
2. Systems need “Evolution not Revolution” We recommend that government tries to encapsulate the notion of “Evolution not revolution”. UK policy in our view suffers from a political imperative that “Something must be done” and reacts with “big announcements”, as opposed to an approach best encapsulated by a response to a problem such as: “It’s already on the version 3.14 roadmap for 2012, testing in late 2011.” Recommendation 2: Adopt incremental improvements as the strategy for improvement of services.
3. Systems can be Designed for End Users Rather than Departmental Needs Many government systems seem to be designed around the needs of government departments or officials, rather than real users, either as staff or citizens. These symptoms can be seen in relation to the health and children’s database projects outlined in the Database State Seminar project. One example ORG has been involved with is the NHS Summary Care Records. There have been many problems with this project, which seem to stem from: 1. A likelihood they are not needed in real life emergency medical situations. 2. A lack of understanding of how they might be used and therefore how to implement the system. Our briefing pack highlights two contrasting projects that demonstrate these issues: An example of good practice in this area was the former Public Health Laboratory Service, which allowed public health doctors to log individual cases of infectious disease to monitor epidemic spread, but that identifiable case data was not shared with information systems outside the PHLS. This approach assured confidentiality: there were no recorded cases of data leaks.60 Summary Care Records in England and Scotland give a contrast between bad and relatively good practice, according to our speaker at the seminars: The English Summary Care Record (SCR) has never had a clearly defined use case. It was designed with no idea who the users would be or what tasks they would use it for. It was built on what might uncharitably be called a Field of Dreams brief: “If you build it, they will come.” Connecting for Health maintain that SCR will grow over time and meet a number of, as yet unspecified, needs. Nobody knows what it will grow into nor whether the is the right kernel from which to grow. The designers don’t understand how the record will be used. As a result the system in general, and the security measures in particular, have some obvious design flaws. For example, the system mandates that individuals will have their own access controls and passwords, based on their roles. These security measures are not fit for purpose: sign on takes up to 90 seconds each time, and there is no guarantee that the role-based access will allow doctors and nurses to see the patient information that they need. Faced with a choice between loss of data and loss of life, in 2007 the A&E department of South Warwickshire General Hospitals Trust declared that they would knowingly break the rules and leave one senior -level smartcard in the computer for the whole shift. In contrast, the Scottish Emergency Care Record (ECR) started with a specific use case in mind: emergency medicine. There is a small number of users, and specific settings in which the data is used: telephone triage nurses use it to provide medical advice, and to determine whether a patient should be sent to hospital. The nurse must ask the patient permission to view the record, and notification of each access is automatically sent to the patient via their GP. Security measures operate on the principle that the patient should be informed every time their record has been viewed, and by whom. Recommendation 3: the review considers ways to allow government systems to focus on actual use cases and the needs of end users and citizens rather than be driven by Whitehall or narrow political decisions. Recommendation 4: the review reinforces to government that IT and databases do not solve social issues by themselves.
What role should IT play in a “post-bureaucratic age”? Creating a Big Society through open systems While we recognize that no single approach will work for all circumstances, there are social and economic advantages to favouring an open approach. Furthermore, government spending creates a great deal of economic leverage, and should be used to the maximum public benefit. We understand the “post bureaucratic age” to be an essential component of the thinking behind the “Big Society”; that is, that information and citizen action are essential in the society we develop, as opposed to relying on top-down government projects. 60 Database State Seminar Briefing Pack, Guest Speaker notes (not printed) Ev 132 Public Administration Committee: Evidence
The government must specifically enable: — Engagement and creation of new value through making data available. — Use and promotion of open standards. Systems should be designed to benefit the whole of our Big Society, which means thinking about public interfaces, not just in terms of user interfaces, but data sets, APIs and giving people the ability to write their own interesting tools to do cool stuff with the data and to interact with government. Don’t just give pdfs of consultations or an index page think about how that index could be open standard (RSS/RDF) and how society can work with powerfully. — Government should use publically protocols and exchange mechanisms when possible, both to fight vendor lock-in, and to enable efficient interfacing with the outside world. — Where it can’t use existing ones it should ensure anything it creates is public or at least controlled by Government so it can be kept open for big society use and again avoid lock-in.
What skills does Government have and what are those it must develop in order to acquire IT capability? Current levels and diversity of innovation in the IT sector make it impossible to predict what particular technical knowledge will be necessary to develop in house for the government to acquire IT capability. The in house skills to develop will probably be high level systems integration, strategic technology assessments, etc. Each department will need to assess which particular skill they would need to strengthen. The potential list could be open ended: web services, geo-data, linked data, identity, usability, encryption and security, networks, etc. However, given the size of government and the diversity of evolving challenges it is impossible to develop every skill and capability. The government should develop capacity for open innovation strategies that capture independent ideas and go beyond simple outsourcing to large providers. The best example of open innovation is Procter and Gamble Connect and Develop, but even within government there are already initiatives such as ideas competitions and crowdsourcing. However these are currently experiments amounting to a negligible fraction of the large ICT contracts. We welcome the recent announcement of a new “Crown Commercial Representative” to help innovative small and medium sized enterprises (SMEs) pitch their services to government.61 However, a wider transformation will be required to ensure changes beyond tokenistic initiatives. If the government officials responsible for assessing the new innovations of these SMEs are not capable to make informed technical decisions they will avoid the risk by default. Transparency and an open process of decisions to arrive at particular technical solutions is paramount, and these should be decoupled from the tendering and commercial contracting of the services to provide those solutions. This would allow the government to tap a large pool of technical expertise that would be very unlikely to be attracted to a civil service or ancillary state service job.
Skills in departments and policy makers to understand technical challenges ORG frequently encounters levels of technical ignorance that suggest that government departments may be easily misled my salespeople or simply not understand the policy challenges they face. To give some examples from our work:
Electronic and Internet voting During the Labour government, a policy of electoral modernization was pursued, with an underlying assumption that more accessible means of voting would drive electoral turn out up. ORG wrote policy briefings and observed the counts.62 Thus methods varying from postal voting through to internet voting were examined. Electronic voting trials were conducted. 1. The underlying challenge of delivering secure, anonymous but transparent and verifiable voting was not understood or examined. Academic study has for a long time viewed this problem as currently practically insoluble. Policy however was conducted on the basis that there was no fundamental problem with the technology. 2. The trials were badly run. This was not purely a question of the providers; government did not properly handle the process through its own lack of knowledge and rigour. The pilot providers were deeply unhappy with pressure they were put under as the result of late contract signings while the delivery date—an election—was immovable. Results were not comparable or useful. 61 http://www.telegraph.co.uk/finance/yourbusiness/8319582/David-Cameron-creates-Dragons-Den-for-small-business- suppliers.html 62 http://www.openrightsgroup.org/ourwork/successes/evoting Public Administration Committee: Evidence Ev 133
3. A fundamental but mundane problem around the accuracy of voter registration became obvious, but could have been identified at the start of the process, if electoral modernization had been thought of as a question of a system rather than ways to add technology. 4. The Electoral Commission played a very useful role in identifying tasks such as standard setting, criteria and insisting that cost is an element in current questions such as the use of electronic counting. 5. At all levels, a lack of technical expertise seems to add to the problem of understanding and evaluating technologies, and resisting the simplistic sales pitch of vendors.
Information Commissioner The Information Commissioner operates a data protection regime which is based on principles enshrined in law. It may be supposed, therefore, that their role is technology neutral and advice need not consider technical aspects of implementation. However, in practice the ICO needs a great deal of expertise. There is a need for technical expertise to, for instance: 1. Undertake investigations of datasets when breaches occur. 2. Understand the implications of the use of a specialist technology like cookies, or new technologies such as RFIDs or biometrics. 3. Understanding the potential of privacy-enhancing technologies and encryption methods. The ICO has recognized that technology has become central to their work, but we have yet to see how they build in this expertise, or what effect it has on their advice and guidance. It is remarkable that it has taken over a decade for the ICO to recognize the problem, and we believe this is parallel to many government departments.
How appropriate is the Government’s existing approach to information security, information assurance and privacy? Security and privacy should be considered at the start of the process In IT, the security and privacy of individual users is closely linked. Privacy relies on security, and both needs have to be considered early. A number of government IT projects seem to have either underspent on security and privacy, or have ignored them until very late, when meeting requirements becomes very difficult. In relation to road pricing, one commercial developer at our seminar project observed: Time-Distance-Position road pricing is potentially—but does not have to be—highly invasive. From what we can see so far, the DoT is reluctant to take on board the privacy issue as something that needs to be considered from the outset. Anything that involves technology and money, especially in the public space, deserves to be thoroughly scrutinised through a security and privacy study, as we have tried to get DoT to do with respect to TDP. A lot of people try to tack on security and privacy at the end of system design, but the earlier you think about them the better.63 The impact of government IT systems on people’s privacy can be very large and disproportionate. For instance, ORG examined the impacts of Oyster cards in London, where travel data is retained for two months, well beyond genuine business need. This clearly has a major impact on users’ privacy and is in effect an extension of police surveillance powers. Similarly, NHS Care records, DNA databases and ID cards each had considerable impacts on individuals’ privacy. While the coalition has correctly identified the poor results in several of these cases, the purpose of this review is to ask how these problem may be avoided. Furthermore, work by No2ID via FOI requests in the wake of the Database State report has revealed that many departments have little idea about what databases they are maintaining and what data therefore they are keeping. The scale of privacy impacts and risks is therefore impossible to understand. ORG’s seminar project—the “Database State Seminars”64—involving practitioners across government IT projects. To enhance privacy, the seminar attendees recommended these principles: — Minimise data: collect only what is needed, and keep it no longer than necessary. Central systems should be simple and minimal and hold sensitive data only when both proportionate and necessary; — Share data only where proportionate and necessary: Government should only compel the provision or sharing of sensitive personal data for clearly defined purposes that are proportionate and necessary in a democratic society; — Give subjects ownership of their data: By default sensitive personal information should be kept on local systems and shared only with the subject’s fully informed consent; and — Build for anonymity: Citizens should have the right to access most public services anonymously. 63 See Database State Seminar Transport report in Appendix (not printed) 64 http://www.openrightsgroup.org/dbs/ Ev 134 Public Administration Committee: Evidence
Recommendation: mandatory privacy impact assessments for any IT scheme affecting large numbers of users.
Recommendation: clear retrospective mapping of government data held on individuals, and transparency over who is holding what data.
Recommendation: accept the principles of data minimization, limiting data sharing, giving users ownership of their data and building systems that allow access of government services anonymously. February 2011
Supplementary written evidence submitted by Intellect
Following the evidence Intellect gave to the Public Administration Select Committee on Tuesday 15 March, we would like to expand on four points.
1. We referenced a number of best practice procurement tools that were developed jointly by government and industry, but have not been adopted widely across government. More detailed information is enclosed (see appendix). In particular we would like to highlight: — Pre-Qualification Tool—ensuring a government customer is ready to go to market. — Joint Statement of Intent—aligning aims and objectives between customers and suppliers. — Standard contract terms for ICT-enabled change projects (new, “lighter” version also under development).
These have been developed to improve the chance of delivering successful business outcomes and reduce the time and cost of the procurement process to both government and suppliers.
2. We were very concerned about the suggestion that the technology industry may operate a cartel with no supporting evidence or information being offered to the committee. Such a suggestion is not only inaccurate and misleading, but also potentially damaging to an industry that is a vital part of the UK economy. We hope that you will share our concern.
We do agree that government’s current go-to-market approach presents significant barriers to new entrants to the market, especially in terms of the change-averse culture in government and the preference given to suppliers with UK government experience. The government needs to reduce these barriers and ensure the system encourages as many companies as possible to invest in new solutions that can reform public service delivery.
A public sector market that attracts a range of suppliers, large and small, will have added benefits in that it will lead to increased investment and the creation of more high value jobs in the UK. We highlighted a number of means of achieving such an environment in our original submission to the PASC, but would be happy to provide further specifics if desired.
3. The supplier ecosystem is extremely complex, with companies forming various partnerships and consortia and with SMEs even using large suppliers as subcontractors in some instances. We have a number of initiatives in place to facilitate better working arrangements throughout the supply chain, specifically to provide opportunities for SMEs.
One example is our Innovation Den, where SMEs pitch their innovative business propositions to representatives from central and local government and large suppliers to government. This has been highly successful to date and has allowed all participants to better understand and explore the art of the possible.
4. We thought it would be useful to provide some clarity about Concept Viability (see appendix). This is a service offered by Intellect to the public sector that enables customers to consult with a broad range of experts from the technology industry on future procurements. It provides the industry an opportunity to comment on a potential procurement before a tender is written, within the confines of a technology-neutral environment. This helps the customer to effectively assess the potential risks associated with specific public sector technology projects before committing to a particular approach. The service has been used for over 80 public sector projects and is recommended by the National Audit Office.
Please feel free to contact us if you would like to follow up on these or any other points made in our written submission or oral evidence. March 2011 Public Administration Committee: Evidence Ev 135
APPENDIX SUMMARY OF PROCUREMENT TOOLS All of the following tools were developed jointly by industry and government.
Concept Viability This is a service offered by Intellect to the public sector that enables customers to consult with a broad range of experts from the technology industry on future procurements. It provides the industry an opportunity to comment on a potential procurement before a tender is written, within the confines of a technology-neutral environment. This helps the customer to effectively assess the potential risks associated with specific public sector technology projects before committing to a particular approach. Intellect’s Concept Viability service was launched in December 2003. The service has been used for over 70 public sector projects and is recommended by the National Audit Office. www.intellectuk.org/conceptviability
Pre-Qualification Tool (PQT) The PQT is a tool for government departments to test the readiness of a major ICT procurement. The PQT includes 20 questions, which aim to measure whether the procurement, government department, suppliers and leadership are all ready to proceed to an OJEU competition. It also gives potential suppliers an assurance about the maturity of the requirement and can inform their decisions on whether and how to bid for the work. The Pre-Qualification Tool was published by OGC as a best practice tool in January 2009. http:// www.ogc.gov.uk/About_OGC_news_8952.asp (archive website)
Joint Statement of Intent The JSI is a formal agreement that is reached by the Senior Responsible Owner and the corresponding Senior Responsible Industry Executive(s) for a specific project or business change programme. It is designed to help improve the success rate of government IT programmes and projects by helping departments and their suppliers to develop a shared view of: — what a programme or project is intended to achieve, in respect of business outcomes and benefits, if it is to be regarded as a success; — how the collective project team will work together to deliver these outcomes; and — the potential impact of change on the programme or project (linked to the desired business outcomes rather than solely the IT). The Joint Statement of Intent was launched as OGC best practice in January 2009. http://www.ogc.gov.uk/ documents/ppd_it_projects_joint_statement.pdf (archive website)
Model Agreement and Negotiating Guide As with Pre-Qualification Questionnaires, contract terms and conditions tend to vary widely across government. The model agreement is aimed at reducing the amount of time spent on contract negotiations, which will generate savings for both government and industry. Intellect is also working closely with OGC and Partnerships UK to provide additional guidance for the public sector on implementing model agreements in the form of a “key issues negotiating guide”. Version 2.3 of the model agreement was published in August 2009 and the key issues negotiating guide was published in March 2010. Version 2.3: http://www.ogc.gov.uk/About_OGC_news_9587.asp (archive website) Negotiating guide: http://www.ogc.gov.uk/policy_and_standards_framework_the_negotiating_guide.asp
Outcome Based Agreements (OBAs) Traditional contractual agreements operate on an arms-length supply of technology services. OBAs however focus on delivering shared outcomes and the supplier is contracted to directly achieve business outcomes for and with the customer. Given the strain on public finances, it is essential to have customers and suppliers who are committed to more than just the delivery of their services or products and OBAs offer an effective way to enshrine this principle from the outset. Intellect’s report, “A guide to Outcome-Based Agreements: a better way to do business”, highlights the preconditions for a successful OBA and the mechanisms to help ensure a mutually beneficial agreement. It can be accessed on www.intellectuk.org/oba Ev 136 Public Administration Committee: Evidence
Supplementary written evidence submitted by Socitm At the Public Administration Select Committee hearing on 22 March 2011, I made the point that central government IT costs and performance in general were worse than those achieved in local government. This note provides further evidence to support this point. It focuses on comparisons between the practice and performance of ICT implementation in central and local government and includes: — Introduction by Jos Creese, President of Socitm. — ICT spend asa%oftotal revenue expenditure. — Costs of desktop computers. — Performance of websites. — The lesson of business change in local government. — Customer access, efficiency and channel shift.
Introduction Introduction by Jos Creese, President of Socitm, Chair of the Local CIO Council and Head of IT at Hampshire County Council. “Having worked in both local and central government there are a number of clear differences in approach that I have observed. Firstly, local government has been more effective in retaining IT capacity and skills. IT professional turnover has been lower, and whilst outsourcing is common, it has not been pursued as dogmatically as has been the case in central government in the past. Building and retaining in-house skills helps with complex change management. The rate of avoidable turnover of senior responsible officers on IT programmes on key central government programmes is notable and even encouraged. In local government ‘seeing things through’ has a higher value. Secondly, local government has had much less money to spend. This has forced a level of creativity and innovation, as well as tight control of programmes which tend to be smaller or more modular, again as a result of more stringent financial controls. Despite much lower salaries for equivalent roles, much lower spend on similar projects and significantly lower unit cost of commodity IT, the success rate does seem considerably higher—albeit that activity is at a smaller scale. Most notably, and perhaps surprisingly, there is less disconnection between IT and policy-setting in local government. Perhaps this is because local government is less hierarchical, with politicians and top management more likely to involve IT professionals because they are more visible. But I suspect also it is because there is less fear of IT (not so many project failures which damage reputations?) and IT has been allowed to develop as an internal service rather than relegated to the role of mere utility. Perhaps as a result of this, there are also far fewer ‘IT projects’. IT is more likely to be embedded in service improvement projects or change projects. This has other problems, but it is less likely that IT is left ‘high and dry’ without proper business backing.”
ICT Spend asa%ofTotalRevenue Expenditure Sources: Socitm Benchmarking Service Gartner (2011) IT Metrics Data. It is widely accepted that 3% is a benchmark of good practice in the private sector service industries for ICT spend as a percentage of total revenue expenditure. Socitm Benchmarking in recent years has demonstrated that local government organisations spend consistently less than 3% on average on ICT as a percentage of their total revenue expenditure. The chart below shows the results from Socitm benchmarking studies across UK local authorities from 2004 to 2009 (up to 100 councils each year). The average of averages from these studies is 2.33%. Please note that Socitm excludes ICT expenditure relating to curriculum expenditure in schools, as many local authority ICT services do not have responsibility for this activity. Public Administration Committee: Evidence Ev 137
3.5
3
2.5 2004 2
1.5 2005
1 2006
0.5 2007
0 2008
2009 County Average Metropolitan English Unitary Scottish Unitary London Borough
A recent special Socitm benchmarking study of nine Scottish local authorities in 2010, which did include all ICT expenditure for schools, identified the following: — Median 2.10 %. — Lower quartile is 1.82%. — Upper quartile is 3.02%. Our understanding, from talking to colleagues on the CIO Council, is that the average for the percentage of total revenue expenditure spent on ICT in central government departments is at least 5%. These figures can be compared with the Gartner indicative global average for the percentage of total operating expense attributed to IT of 3.2% across state and local government in 2010. (We asked Gartner to provide comparative data on the comparison between state and local government, but they are unable to do so.) Benchmarking is an essential first step to service improvement. For an ICT service cost reductions should be seen in the context of user satisfaction. Here, Socitm’s benchmarking includes a popular service for benchmarking user satisfaction, which demonstrates that, despite cost reductions, ICT services have improved year on year in the past five years. Used by up to 75 local authorities and others each year, this service processes each year up to 50,000 user responses to a standard survey. No other local authority service has such a wealth of management information about its performance and no other sector, public or private, has such a comprehensive database about ICT performance as viewed by those who use the service. The very fact that it is so difficult to obtain comparative data about ICT costs and performance for central government speaks volumes. We believe that Parliament should have IT benchmarking data for central government departments and Non-Departmental Public Bodies, which is comparable in spread and depth to the Socitm Benchmarking data for local government.
Costs of Desktop Computers Sources: The Network for the Post Bureaucratic Age (2010) “Better for Less” How to make Government IT deliver savings. Philip Virgo, Secretary General, The Information Society Alliance (March 2011) Eurim: Procurement in the Big Information Society, Government Computing. Socitm (2011) IT Trends 2010–11. The Better for Less report states (p.6): “Failing to make basic IT services a commodity has cost the British taxpayer dear. It has also reduced the effectiveness of government. Changing to commodity services—such as a user’s desktop software—can reduce the huge annual spending on IT by billions of pounds. — The cost of running a desktop computer in a typical local government body is £345 per annum. — The current cost of running a desktop in central government is £800 to £1600 per annum. — There are approximately four million desktop computers in local and central government. Ev 138 Public Administration Committee: Evidence
— The difference in cost cannot be explained by additional security requirements in central government. The opportunity for savings is immense. Just in ‘desktop’ the figure of £2 billion per year is a reasonable figure to aim at.” This evidence is reinforced by Philip Virgo, who draws on data from Socitm’s IT Trends 2010–11 report which “shows that local government now pays much less than the main private sector benchmarks (let alone central government catalogues) for commodity ICT products such as desktop PCs.” He goes on to cite a number of reasons for this in the article, a copy of which is attached. Evidence from Socitm, suggests that one important factor explaining the difference is the impact of outsourcing. In our benchmarking surveys, we have regularly found a cost difference of up to 20% between the cheaper in-house provision and outsourced provision on a number of indicators such as cost of supporting a desktop. It would be very surprising if the much greater scale of outsourcing in central government were not a significant factor in explaining the differences reported here.
Performance of Websites Sources: Socitm Insight and GovMetric (August 2010) Use of the web—local government compared with central government Customer Access Improvement Service Supplement. One area which Socitm has researched extensively is performance of websites. Since 2004, Socitm Insight has collected extensive information about the performance of websites as experienced by those who visit them. Only in 2008 did central government develop standards in website performance, which were very much influenced by our experience. Central government departments were mandated by the Central Office of Information to collect this data by March 2010 against newly defined standards. In August 2010 we were able to compare for the first time local government performance against central government performance. The most important indicator is visit success. Visit failure is costly for the organisation (as well as frustrating for the visitor) because, when they cannot complete the task that they set out to complete, visitors are forced to use the much costlier channels of the phone (approx. ten times costlier) or face to face. We noted: — Only 16 out of 47 central government departments were able to report visit success. — The average visit success reported was 28.32% compared with an average of 53.74% for local authorities (123 councils participating). — One example was Directgov which reported 32.00%, significantly lower than the local government average. Directgov is one of the Government’s flagship sites, reportedly costing over £35 million to support. Feedback about web visits is essential in order to improve websites and reduce avoidable contact. It is ironic, that in 2007 and 2008, the policy of the previous Government was to focus on avoidable contact with the phone, completely ignoring the web, despite our lobbying for a different approach.
The Lesson of Business Change in Local Government The following material comes from Glyn Evans, Vice-president of Socitm and Corporate Director of Business Change, Birmingham City Council and expands on the CHAMPS2 business change methodology www.champs2.info to which I referred during my evidence. “I very much enjoyed attending the PASC hearing at which you gave evidence. However, I did wonder whether the Committee was necessarily addressing the right question. It sometimes seems that every other year we have some inquiry into why IT projects fail, whereas perhaps a more meaningful question is why do we try and run business change projects as if they were IT projects? I think we will always have more or less ‘pure’ IT projects—a system upgrade or the implementation of a network. But these are not generally the projects that fail; rather it is those that are focused on implementing a particular policy initiative or reforming the way a specific part of the public service works. What we have found at Birmingham—and why we developed CHAMPS2—is that to realise fundamental business change means taking a holistic approach. So we try and get every element right—redesigning organisational structures, redefining job roles, establishing new processes, trying to address embedded cultural issues, keeping all levels of the organisation engaged in the process, ensuring that the leaders do lead the change. And, yes, the IT has to be right as well but in fact it’s often the relatively easy bit. As an aside, though our change programme is IT-enabled, I’ve always underplayed this (we branded as a business transformation programme, the individual workstreams were called non-IT names) as the best way to make sure business leaders don’t engage is to associate it with IT. Whilst we try and get every element right, of course we don’t always succeed—we live in the real world. The strength of our approach is that we didn’t need to. But we got enough of it right to succeed overall; we are realising in excess of 95% of the benefits we predicted. Public Administration Committee: Evidence Ev 139
The danger of focusing, in effect, on the IT bit of change is that you don’t do well any of the other elements. In such circumstances it’s amazing that any IT projects actually succeed. And it has a further pernicious effect in that it drives you to look for the ‘magic bullet’ which will make everything right. It’s been a recurring theme of my entire career, and I suspect Agile might just be the latest manifestation.” Failure to take a business change approach is a common theme that runs through all the Public Accounts Committees reports on failed IT projects dating back to the London Ambulance Service Computer Aided Dispatch System (whose failure actually cost lives) in 1992. We believe that a business-led approach to change should be adopted by the new Major Projects Authority, whose creation is a positive indication that the present government intends to do better than its predecessors.
Customer Access, Efficiency and Channel Shift Source: Socitm Insight (2011) Better Served: Customer access, efficiency and channel shift. During the Committee’s session on 22 March 2011, questions were asked about the use of digital access to public services. For local government, there exists a strong evidence base for managing the transition of service users towards cheaper, digital channels, where this is appropriate. This evidence base has been assembled by Socitm Insight from a number of sources, including its Customer Access Improvement Service. The Better Served report details this evidence, including a number of case studies that illustrate the scope for efficiency gains and service improvement from centralising customer management and making this a corporately managed programme. Examples include Birmingham City Council’s business case for its Customer First Programme, which anticipates £197.4 million of cashable benefits over ten years, while Tameside, a much smaller metropolitan borough, is looking at savings of £1 million over the next four years, just from better management of the front office. Since 2007, Surrey County Council has reduced the cost of phone and web contacts from 79p to 49p per enquiry and since 2007 has saved £175,000 in its contact centre and an additional £150,000 elsewhere by reducing avoidable contact. The case studies show how, with centralised management, and full data about types and volumes of enquiries available for analysis, scope for savings can be realised, by reducing avoidable contacts and encouraging channel shift, principally to the web. The report draws 10 key conclusions about good practice in managing customer access and channel shift: 1. Councils can make significant cost savings through better management of customer access. 2. Cost reduction comes from reducing volumes of phone and face-to-face enquiries. 3. There are three main ways of reducing call and face-to-face volumes without reducing customer satisfaction. 4. Customer channels must be managed together to reduce volumes. 5. Full data from all channels is needed to manage customers efficiently: it is unlikely to be available where channels are managed separately. 6. Collecting customer data for analysis to identify improvement is difficult, but not impossible. 7. Benchmarking highlights variations in management of customer access and opportunities for improvement. 8. Data analysis will reveal opportunities for front- or back-office collaboration in cost-saving process improvement. 9. Maximising customer access efficiency requires an excellent website integrated with all other customer channels. 10. Customers need to be made aware of services on the web and be encouraged to use them. We know of no equivalent evidence base or analysis for central government that can help to steer implementation of the Government’s policy of “digital by default”.
Conclusions All the points in this note indicate that central government has not benefitted from the kind of network that Socitm has built up, and indeed has very much ignored what has been happening in local government. Socitm has played an important part in evangelising the role of IT in modern public services, providing research, insight and benchmarking services specific to the public sector as well as a professional network to aid practitioners. Central government could benefit from this approach, but has always shied away from closer integration with colleagues in local government. April 2011 Ev 140 Public Administration Committee: Evidence
Written evidence submitted by DWP In response to the follow up question to Q315, in which the committee now asks for a copy of the Universal Credit Gateway Zero review. The Cabinet Office Major Projects Authority Starting Gate review into Universal Credit is attached at Appendix A (not printed). In response to the follow up question to Q319, in which the committee now asks for details of the open competition for the Universal Credit system. The Department for Work and Pensions is running a fully open competition to select suppliers to develop and maintain new IT solutions in support of business change, including IT for Universal Credit. The Department advertised for a full range of Application Development (AD) and Application Maintenance (AM) services in an Application Deployment competition which was advertised in the Official Journal of the European Union (OJEU) in June 2009. Over 70 suppliers expressed an interest in response to the advert; and the competition has progressed through a series of stages, including a pre-qualifying stage and further down select stage, leading to a period of competitive dialogue with short listed bidders. The bidders’ final responses are being selected and the Department plans to select preferred bidders in May 2011, and then seek approval to sign contracts via Cabinet Office as soon as practical. In response to Q340 from Greg Mulholland, in which he asks for the number of SMEs with which the Government has direct contracts and the number with which it subcontracts. The Government does not hold a central record of data on the numbers of contracts it holds with SMEs either directly or as sub contractors on government contracts, however, individual departments may collect this data for their contracts. From January 2011, as part of the Prime Minister’s Transparency commitments, all departments are required to publish each new contract let over £10,000 and state whether this contract has been let to a SME. This information is available on the new Contracts Finder website alongside tender documents and opportunities. As part of the business plan process each department is also required to measure and publish the percentage of their third party spend that goes directly to SMEs. The Government is investigating how best to collect data on spend with SMEs as sub-contractors. In response to the question asked in the informal session by the Chairman about the ending of the Department’s Desktop Services contract and whether that presented an opportunity to extend the use of Open Source. The contract for Desktop Services between the Department of Work and Pensions and Fujitsu has now ended. Initially, to ensure business continuity, the Department will use the existing contracts with HP whilst it considers a longer term contracting strategy. The Department is committed to examining the use of Open Source for the delivery of Desktop Services, with any decisions to implement Open Source being subject to the full assessment of the technical and operational implications as well as value for money assessments. In response to the question asked at the end of the informal session by the Chairman, in which he asks how different are the costs of running back-office systems at DWP compared with other organisations where the CIO has worked. I have been the Department’s CIO for seven years, since 2004. My assessment of the cost of running this Department’s back-office systems is that it compares very favourably with its peers. The Department has made significant strides in reducing its IT costs over the last few years and continues to do so. In 2009 Gartner’s benchmark of DWP’s IT capabilities found that the Department’s operating costs, as a percentage of overall operational expenditure, were better than that found across the banking industry. It also noted that the number of employees engaged in IT activities in the Department was five times lower than for those across the banking industry; and that proportionally the Department spends less on IT to enhance and transform its business than those of peer group organisations. Since this benchmarking exercise the Department has embarked on an operational review of its IT which will further reduce the IT cost base. In response to the question asked at the end of the informal session by the Chairman, in which he asks if anything has been done to investigate and benchmark the root cause of different costs, for example with large systems like Oracle and SAP, and for copies of the benchmarks. The Department has not benchmarked the IT component of its back office Shared Services separately, only the outputs from the Department’s back office business processes, which include the IT costs, for example the cost per invoice and the cost per payroll account. The last time the Department’s business outputs were benchmarked was by Atos Origin in 2007. They are now out of date. Ministers agreed last year that the Department should refresh these earlier output benchmarks Public Administration Committee: Evidence Ev 141
and the work was commissioned from PWC and is currently in progress. The results of this benchmarking exercise will be available in summer 2011. April 2011
Written evidence submitted by HMRC
In response to the question asked at the end of the informal session by the Chairman, in which he asks how different are the costs of running back-office systems at HMRC compared with other organisations where the CIO has worked.
In benchmarking some of the HMRC unit prices compared to previous organisations I have worked in, some are lower, ie Desktops, and some are higher ie data centre and applications. We are leveraging our past experiences to work with our suppliers to reduce costs and find lower cost innovative options for ensuring that these areas will reduce and therefore, benchmark wise, will be more efficient. In response to the question asked at the end of the informal session by the Chairman, in which he asks if anything has been done to investigate and benchmark the root cause of different costs, for example with large systems like Oracle and SAP, and for copies of the benchmarks.
We have developed an approach which cuts IT costs into Towers of Service and have identified the Unit Price for these Towers. Gartner have recently completed a high level benchmarking exercise to benchmark the costs of these Towers in HMRC with comparable organisations. As you would expect there is a variation across these costs, with some being better than the benchmark, eg mobile telephony, and others being less competitive, eg costs of IT Helpdesk. We are happy to release a copy of this paper subject to Gartner copyright approval.
We recently introduced a system (called the “Tripartite Process”) that operates in two ways. Firstly following requirement specification and initial architectural input a three way review between HMRC, its Service Integrator Capgemini and the IT supply chain (the Ecosystem), takes place to review both technical and commercial options. Once the Service Integrator proposal is documented a further independent assessor is employed to ensure the solution in the round, including integration costs and lifecycle run charges, represent best VFM against the prevailing market. Recent discussion with SAP around a major business change enabled us to reduce their costs and challenge the Service Integrator charges to demonstrate VFM. Whilst not in the format of a formal benchmark report, correspondence is available for scrutiny if required. We are currently employing Gartner as the independent assessor and their report will be available shortly subject to copyright. April 2011
Supplementary written evidence submitted by Hewlett Packard (HP)
1. Introduction On 23 March, Craig Wilson and Howard Hughes from Hewlett Packard gave evidence to the Public Administration Select Committee’s inquiry into the Effective use of IT.
During the course of this session a number of requests were made by members of the committee for further information. This document provides notes in response to these questions as a supplement to both the verbal evidence given by HP and the written submission made in January 2011.
2. Cost of Desktops in Local and Central Government
In questioning HP, Mr Bernard Jenkin mentioned a recent report by the Network for the Post-Bureaucratic Age which suggested that unit costs in central Government were typically higher than in local Government. He asked HP for its view on why a workstation in local Government costs only half what it costs in Central Government, and whose fault this might be.
2.1 Basic Purchase Costs
HP can confirm that it would not expect to see any significant variance in the basic price paid by local government and central government organisations for a device of the same specification. Indeed an analysis of the typical costs involved in provision by HP of the core desktop product reveals only minor difference between supply to central and local Government clients, with the lower price being paid by central Government. For example, under two supply arrangements we have examined for the provision of the same model of PC of a broadly similar specification, the device is sold into the supply chain by HP at £356 to central government and £372 to local government. The differences between these prices are a reflection of some minor differences in specification and different volumes purchased under each arrangement. Ev 142 Public Administration Committee: Evidence
2.2 The Network for the Post-Bureaucratic Age Report Our understanding is that the report cited by Mr Jenkin is “Better for less: How to make Government IT deliver savings”, published in September 2010. We note that the comparison drawn in this report is between the costs achieved by a single local council (the Royal Borough of Windsor and Maidenhead, which states that its cost per device is £345 per annum as noted in an internal council document) and a range of central government departments where the cost per device ranges from £800 to £1,600 per annum. The report goes on to say that this second set of figures is “not publicly available but was calculated after analysis of a number of let contracts and we have been re-assured by reputable, senior government sources as to its accuracy.” Whilst a cost of £345 per year is a good baseline for a local authority, it is not possible from comparison of a single well performing local council and a range of un-named central Government departments to conclude that any variance is completely unjustified. Any objective comparison must address the question of whether the requirements or contractual terms are the same in each case (in the examples above, they are almost certainly not). In practice, there may be a number of reasons why the price might vary between different organisations. The price of a “managed workstation” will typically be made up of a number of components, including the basic purchase cost of the device itself, charges associated with configuring it to meet a given organisation’s needs (including additional software or facilities required to meet security requirements), plus charges associated with provision of shared facilities such as email services and ongoing support (eg helpdesk services and IMACs—Install, Move, Add, Change). The nature of these charges vary significantly between different contracts, depending on the type of work undertaken by the users of the workstations and the specifications demanded by the commissioning organisation.
2.3 Security Requirements The “Better for Less” report states that “the difference in cost cannot be explained by additional security requirements in central government”. It then goes on to suggest that much of the current security practice is in effect unwarranted, specifically that the rules set out by the Government’s own computer security experts, CESG. It suggests that “Security has become a smokescreen behind which Whitehall and the Communications Electronics Security Group hide a multitude of objectives, groundless policy decisions or poor system implementations”. It concludes that “For systems operating at ‘CONFIDENTIAL’ or below—which covers the vast majority of government IT—commercial security techniques and tools can offer effective information assurance without the unacceptable overheads.” The report in effect draws two connected but different conclusions on this topic—firstly that the security requirements which are currently enforced when supplying desktop services to central government drive significant additional cost, and second, that many of these requirements are unwarranted. Firstly the question that security drives additional cost. This is undoubtedly true. The principles of IT security as they apply to the UK Public Sector are defined in the Cabinet Office’s Security Policy Framework (SPF). The SPF defines “mandatory security policy requirements that all departments and agencies must meet”. It then goes on to set out that it should be “extended, where necessary, to any organisations working on behalf of, or handling HMG assets, such as Non-Departmental Public Bodies, contractors, emergency services, devolved administrations, Local Authorities”. Compliance with the SPF for example, may require that software used must have been verified and approved by CESG, they may demand the use of “two-factor” security controls (eg using both a password and a physical token such as a smart card), they may lead to a requirement for additional security networking hardware to isolate systems from the Internet or other organisational networks, they may proscribe that certain controls are placed over support staff who have access to the system (eg they may require clearance). They will almost certainly require that any system designs are subject to a complex accreditation process. HP’s experience is that whilst central Government departments do comply with these mandatory policies, adherence within Local Government organisations is somewhat less consistent. This can be justified in part by the fact that the threat profiles to the two types of organisation are very different and in some cases that the sort of information systems they operate and data they hold are different—demanding less stringent controls. Nevertheless, because of the different security practices adopted, there are requirements which do appear when providing desktop services to Central Government organisations which drive additional cost when compared with those which occur in Local Government—and hence contribute to a price differential between the two types of organisation. Second, the question of whether the additional controls are unwarranted. This is a somewhat more controversial statement. It is true that the security requirements placed by Central Government departments are at a level beyond that encountered in many (but by no means all) commercial organisations. However, the nature of Government organisations does unquestionably make them a more attractive target for those (whether domestic or foreign) with malicious intent. It is also the case that Government organisations tend to hold data which, by its nature is more sensitive—regarding people’s health, financial status, criminal records and so on. Finally, whilst in general citizens have a choice of private sector provider (and could change provider if they Public Administration Committee: Evidence Ev 143
were not happy with the security provisions made by them), they generally have no real choice of Government, and as a result, it can be argued that Government owes a greater duty of care to protect the information it holds. There may be a case that significant quantities of the data held by Government organisations tend to be Protectively Marked at higher levels than it truly requires (and hence could be held on systems with less stringent security requirements). However, HP is also under no doubt that that the threats faced by Government information systems are increasingly complex, occur with increasing frequency, and that the repercussions, as more public services rely on IT, are increasingly serious. Ultimately HP believes that one of the responsibilities of Government organisations in acting as an intelligent client (both collectively and as individual departments) is to develop an informed view of the threats that might face them, and the level of protection required in their IT systems that they believe those threats warrant. They then have a responsibility to ensure that the suppliers from whom they purchase products and services are complying with these requirements.
2.4 Variance in other contractual terms One final potential factor which should not be overlooked when comparing the costs of different desktop services is variance in the prevailing commercial terms and conditions which apply. Many of HP’s contracts with Government have, in the past, contained very different terms and pricing models for the provision of desktop services. For example, one contract may cover just the provision of the desktop, software and a support service, with the associated network being the subject of a separate contract with another supplier. Another department may have a contract which bundles the networking costs with workstation provision. Similarly, it is not unusual to find, particularly in older contracts, that what may appear as a “per workstation” charge is also used to recover the costs associated with the provision of other services. These can include bespoke business application systems, document management or collaboration software, printers or even fixed line or mobile telephones. Given that the “Better for less” report states that the data on central government desktop prices was “not publicly available but was calculated after analysis of a number of let contracts” it is difficult to provide an objective view on the extent to which this type of commercial construct might contribute to the variance. However, we would acknowledge that gathering data about IT spend and comparing like with like in this field is not straightforward, as has been pointed out, both by the Minister for the Cabinet Office in his evidence to the committee, and by others who have examined the issue, such as Dr Martin Read, who undertook the Operational Efficiency Review into Government ICT for the previous Government.
2.5 Conclusion on workstation pricing HP would agree that there is often much redundant customisation in the provision of workstation services to the public sector, and that purchasing decisions have not always been made in a way which properly leverages the Government’s purchasing power. HP’s experience is that economies of scale continue to be gained by pooling the provision of workstation services at levels up to between 30,000 and 50,000 seats, depending on the complexity of the underlying infrastructure and the extent to which the user populations are distributed. Buying such services on behalf of individual organisations with considerably fewer seats than this cannot reasonably be described as cost efficient. Similarly, buying on behalf of individual business units who themselves have requirements for smaller numbers of devices despite forming part of a larger organisation (as has historically often been the case, particularly in smaller departments with multiple NDPBs or agencies) is a practice which cannot be justified in terms of improved value for money. The Government could take steps to improve the cost-efficiency in the procurement of managed workstation services by pooling the purchasing power of smaller departments through more proactive use of framework contracts such as “Desktop/21”. HP is one of three suppliers present on this framework, which has set price points available to any public sector organisation, which are closer to those at the bottom end of the comparison in the “Better for Less” report, despite being designed to meet the security requirements of Central Government organisations.
3. HP’s Use of Open Source in Government Contracts During HP’s evidence to the committee, Mr Robert Halfon asked whether a note could be provided on how much work HP does with Open Source.
3.1 HP’s commitment to Open Source HP has a longstanding and wide-ranging commitment to the use of Open Source technologies, as illustrated by the following points: — HP is the world’s leading supplier of Linux-based server hardware and has been for eleven years. — HP has developed software management tools to allow customers to integrate Linux platforms alongside systems running on proprietary operating systems. — HP employs thousands of developers working on Open Source software and is an active sponsor of key organisations and events in the Open Source community. HP has donated its own Intellectual Property to help Open Source initiatives get off the ground. Ev 144 Public Administration Committee: Evidence
— HP is the only major printer company to have made all of its Printer Drivers (more than 1,900) fully Open Source. — HP is leading global efforts to develop Common Operating Environments (COEs) for Linux, and to develop what’s known as “Carrier Grade” Linux, suitable for use in the Telecoms industry. — HP is successfully delivering Open Source solutions for Governments elsewhere in the world. We deploy Linux-based solutions for the US Government, and have undertaken a programme to migrate the Brazilian Navy’s HR, Payroll and Accounting Systems off a Mainframe onto an Open Source platform running Oracle.
3.2 HP’s use of Open Source in its UK Government Contracts In most of our Government contracts, it is the Departments themselves who maintain responsibility for technology strategy and selecting the principal software products that they wish to deploy in their businesses. HP is actively working with its Government clients to exploit Open Source products where appropriate, and indeed Open Source software is already used extensively by HP across its central Government accounts in the UK. It is however not practicable to provide a breakdown of the commercial value of this work. Open Source software is almost never used in isolation from commercial products, and the costs associated with implementing the “Open Source” components of a given project are therefore impossible to separate from those associated with implementing the proprietary parts. Nevertheless, we are able to provide an indication of the typical Open Source products and tools in use across our key Government contracts, to indicate the purpose to which they are put and the business areas in which some of them are used.
3.3 Incentives for HP to promote Open Source During the session, Mr Halfon also suggested that it was in HP’s interest to discourage Open Source as a mechanism for ensuring clients are tied in to HP’s own software. We feel it important to put on record that we do not accept that premise, for two principal reasons: Firstly whilst it is true that HP does have a software business, the majority of the proprietary software deployed in the course of our government outsourcing contracts is provided by other vendors and simply resold by HP at very low margin or bought directly by our government clients. Where it is resold, the act of including significant revenue from software sales at low margin in an HP contract only serves to dilute the overall profit margin which HP makes, and would typically be something that the company would seek to avoid. There is therefore no financial incentive in HP’s services contracts to promote proprietary software products where Open Source equivalents would lead to improved value for money to our public sector clients. Second, whilst Open Source software typically has a lower acquisition price when compared with the equivalent proprietary software, it typically demands greater effort to integrate the various components to meet a given business requirement. In this regard therefore, HP’s interests could be regarded as being better served by the promotion of Open Source, as its use would lead to greater demand for services to effect a successful implementation. In practice however, HP’s experience is that on any given project, the overall difference in costs between a proprietary and Open Source solution are marginal—the additional costs for proprietary software being offset by the additional cost of integration effort for Open Source solutions. As HP’s Craig Wilson stated in our verbal evidence, the overall picture is mixed, with some requirements better suited to Open Source, and others to proprietary software. Where the difference is marginal, our view would be that the decision about which route to adopt should be taken on the basis of risk. As the Committee will recognise, projects which involve the development of a lot of custom-written integration software are not usually compatible with the lowest risk.
4. The Role Played by SMEs in HP’s Supply Chain Mr de Bois questioned HP regarding the proportion of its Government revenue which is subcontracted to SMEs and the processes by which SME subcontractors are engaged.
4.1 Proportion of Government revenues subcontracted to SMEs HP’s Craig Wilson stated in his evidence that more than 30% of HP’s government revenue is subcontracted to partners of all sizes and offered a follow-up note confirming the value of work which is subcontracted to SMEs. HMRC’s definition of a Small or Medium Enterprise (SME) is a company with fewer than 500 employees, turnover of not more than 100 million Euros and a balance sheet of not more than 86 million Euros. Based on this definition we have been able to identify 394 SME subcontractors which were used in the delivery of our UK Government business during the HP financial year ending 31 October 2010. During this year, £110 million of work was subcontracted to these SMEs in the discharge of our UK Government contracts. Public Administration Committee: Evidence Ev 145
4.2 HP’s work with SMEs
HP believes that SMEs have an important and increasing role to play in the delivery of IT services to Government. Globally HP works with around 160,000 different SME partners. In the UK, HP works with SMEs in many areas of its business. More than half of HP’s hardware sales, for example, go through an 8,000 strong SME network. This distribution channel accounts for over 16,000 SME jobs in the UK.
HP recognises the benefits of working with SMEs in terms of the speed, agility and innovation they offer. Our business is heavily dependent on our partnerships with SMEs both in delivering our products to market and in fulfilling our public and private sector contracts.
4.3 Becoming an SME partner of HP
HP is keen to engage with SMEs and actively seeks opportunities to work with them. We try to avoid creating barriers to SMEs working with us and believe that in many cases it is more practical for SMEs to engage in the delivery of public sector contracts as subcontractors to HP than by contracting directly with Government.
Prime contractors can provide a contractual and commercial gateway for SMEs and third sector organisations that allow them to work with bigger Government departments without going through the formal procurement process, which can be a costly, time-consuming and, for smaller companies, risky activity. In seeking to work with SMEs, prime contractors can adopt accelerated tendering processes that owe more to the procurement mechanisms found in commercial contracts than usual government ones. SMEs can further benefit from working as a subcontractor to HP in delivering government work because typically, when subcontracting to SMEs, we would not seek to flow down all the more onerous requirements of public sector contract terms to our suppliers.
4.3.1 HP’s Developer and Solution Partner Programme
To provide a mechanism for SMEs to work with HP, we run a programme called the Developer and Solution Partner Programme (DSPP). The DSPP is designed for Independent Software Vendors (ISVs), System Integrators (SIs), developers and consultants. It is intended to help small organisations sell to HP customers by working in partnership with HP account teams. 570 firms are currently part of the DSSP.
The Programme provides partners with resources to support them throughout all stages of solutioning, planning, development, marketing, selling and customer support. By working with HP, DSPP members benefit from access to information, resources and assistance designed to accelerate time to market, shorten sales cycles and improve customer loyalty.
The Programme is free for companies to join. HP DSPP representatives offer assistance with programme services, queries, helping partners obtain the required resources and streamlining the marketing process. Members of the programme are eligible for HP product discounting and have access to software downloads and development kits. HP DSPP also offers information and programmes geared to help partners find new ways to cultivate business and opportunities, as well as providing access to benefits in the areas of awareness creation, demand generation, sales support, tools and business information.
4.3.2 Recruitment campaigns
HP has, in relation to certain large public sector contracts, undertaken specific publicity campaigns directed at the SME community to attract their involvement in delivery. For example, in 2004 HP ran an awareness raising programme targeted at SMEs to encourage them to become partners in the delivery of the Defence Information Infrastructure programme. This included holding a conference, with workshops on the five key work areas where SME support was being sought. It was attended by 66 different companies and the feedback received was extremely positive. This campaign contributed to identifying some of the 100 or so SMEs that today help HP to deliver the Defence Information Infrastructure programme.
4.3.3 Supplier diversity
HP is keen to ensure that it is as open as possible in terms of working with SMEs, including a diverse range of suppliers. HP has a long history of encouraging SMEs to work with us—our first small business programme was established in the US in 1958. Since the late 1960s there has been a strong focus on ensuring that under represented businesses have equal opportunities to work with HP.
A formal Supplier Diversity Programme was established in the UK in 2004. HP works with Minority Supplier Development UK and WEConnect, an NGO that increases opportunities for women-owned enterprises to compete, to encourage businesses that might not readily approach HP to consider working with us. Ev 146 Public Administration Committee: Evidence
4.3.4 Payment terms In 2010 HP signed an agreement with the Cabinet Office to pass on 30 day payments to subcontractors. This is to ensure that the benefits of swift payment are passed through the supply chain to the supplier base that most require them.
4.4 Increasing the involvement of SMEs in the public sector supply chain Many major public sector contracts in the UK already place requirements on prime contractors to involve SME suppliers in delivery where possible. In many other countries where HP operates this requirement is more closely defined and the involvement of SME suppliers is a key criterion in the selection of prime contractors. In some countries, including Australia and the US, quotas for the involvement of SMEs in delivery are a common requirement in major contracts. HP would be supportive of measures to require the greater involvement of SMEs in the delivery of public sector contracts in the UK.
5. VME Migration In discussion regarding the use of SMEs in Government contracts, Mr Jenkin discussed the DWP’s ongoing reliance on the VME operating system, and suggested that it might be worth considering getting “a dozen or two dozen SMEs to brainstorm how to convert the data into a modern operating system”. HP has an interest in reducing the dependence that its customers have on aged proprietary operating systems like VME. Over several years we have worked with a variety of SMEs to look in detail at potential strategies for moving DWP benefit systems off VME. However, the business case for such a change is far from clear for the Department as dependency on VME is declining as new systems come on stream. Whilst HP acknowledges that there are SMEs who may be able to suggest innovative solutions to similar problems, we believe that this specific suggestion fails to comprehend quite how the DWP’s reliance on VME arose and why moving away from the platform has seemingly presented such problems. In summary, it is not a technical problem per-se, or merely a question of converting the data to a modern system, but rather a question of balancing the scale of both technical and business change required to effect the change against the benefits that might arise from doing so.
5.1 History The VME-based range of legacy benefit systems that are still in use today was produced as a result of the “Operational Strategy” Programme, started in the early 1980s by the Department for Health and Social Security. These systems were built to automate the manual processes of the previous benefit delivery departments within Government. Essentially, the approach adopted for the Operational Strategy Programme was to create a single system for each individual benefit. However, in order to deliver the best value for money, the various benefit systems shared IT components and infrastructure; additionally, there were many business and data interfaces due to the interactions between the various benefits—for example, entitlement to one benefit raising income levels and hence impacting entitlement to other benefits, and so on. This led to a highly integrated set of business and IT systems for benefit processing that were optimised to maximise the efficiency of case workers within the then, benefit-focussed, or “Product Centric”, delivery organisations. Over the last few years, the problems resulting from a “Product Centric” model have been the focus of a number of Government reports and this has led to the modern view that benefit systems should be focussed on the claimant ie be “Customer Centric”—this requires a set of delivery systems that look across all the benefits delivered to an individual. Consequently, this requires a set of business systems whose flow is at “right angles” to the structure of the current legacy systems. This issue and legacy systems’ lack of easy adaptability to the more efficient, new communication channels (ie telephony and intranet), have resulted in the need to modernise the existing VME-based systems.
5.2 The Modernisation Challenge Since the 1990s many different companies and experts on legacy system transformation have looked at how DWP’s VME-based legacy systems might be modernised. As a result, a number of approaches to modernisation have already been attempted and/or considered, including replacement of the legacy infrastructure, the use of Commercial, “off the shelf” (COTS) products and the creation of “Presentation Layers” or Front Ends to “mask” the legacy systems. The key problem with migrating to more modern technologies however is not the absence of an appropriate contemporary IT solution, but rather that because of the highly integrated nature of the legacy benefit systems, converting any single benefit to a new model requires that all the business and data interfaces need to be rebuilt and/or replaced at the same time. As a result the proposition of migrating to a new system is, for one benefit, very costly. This, coupled with the risks associated with this change and the ever-present need to successfully implement a policy on the agreed date, has always hampered efforts to implement effective modernisation of the legacy systems on a piecemeal basis. Public Administration Committee: Evidence Ev 147
Where only one benefit is being changed, a combination of the adaption and re-use of a similar VME-based application, along with a modernised front-end system (optimised for use with that particular legacy benefit) are the only examples that exist in DWP for successful “modernisation”. It is questionable as to whether this is “true” modernisation, as the underlying benefit system is still “Product Centric” and operating on the VME platform.
5.3 Successful Modernisation and Universal Credit The complete modernisation of any benefit requires that all related benefit systems (or at least the majority) are replaced and modernised at the same time. The only other approach is to rewrite all the links (interfaces) between the benefit system being modernised and the legacy systems with which it is interfaced. This would be expensive and not reusable as these same interfaces would need to be rewritten again when the next benefit system was modernised. HP believes that the current policy of introducing Universal Credit offers a realistic modernisation opportunity as for the first time, it represents a programme of change that will replace all the major Working Age benefits simultaneously, and is therefore of sufficient scale that the risk and cost of updating the infrastructure is smaller (both relatively and absolutely) due to fewer interfaces being required (through amalgamating benefits).
Public and private sector project performance Mr Jenkin questioned HP regarding the relative performance of projects delivered for public and private sector clients. Craig Wilson stated that data collected by HP indicated there was no evidence of a worse overall performance in public sector contracts relative to the private sector, and offered a follow-up note.
5.4 How HP monitors project performance HP has a number of internal tools for collecting and monitoring the performance of projects that it conducts for its clients. These tools collect two key indicators—the CPI (Cost Performance Index) and SPI (Schedule Performance Index)—which are objective measures comparing actual project time and cost versus budgeted time and cost. An SPI score of 1.0 means that a project is on schedule. A score of less than 1 means the project is behind schedule, more than 1 means that the project is ahead of schedule. Similarly for the Cost Performance Index, a CPI score of 1.0 equates to a project being on budget, a score of less than 1 indicates that the project is spending more than planned, and a score of more than 1 indicates that the project is spending less than planned.
5.5 Comparison of Outcomes For the purposes of this note, we have analysed project CPI and SPI data for a total of 736 project reports spanning the last two years intervals for our UK Clients. Of these projects, 42% are for Government clients, 58% for private sector clients.
5.5.1 Performance to Schedule (SPI) Plotting the number of projects (asa%ofthetotal) at each SPI value for each of the Government (solid/ blue line) and non-Government (dotted/red line) groups gives the following results:
80.0% SPI
70.0%
60.0%
50.0%
40.0% gov nongov 30.0%
20.0%
10.0%
0.0% 0.5 0.6 0.7 0.8 0.9 1 1.1 1.2 1.3 1.4 1.5 Ev 148 Public Administration Committee: Evidence
It can be seen that whilst the distribution for non-Government projects is more tightly packed around a score of 1.0 (on Schedule) than for Government projects, the difference is marginal at worst. Although there is a slight “shoulder” on the “behind schedule” side (0.9 to 1.0) for Government projects, there is a similar (albeit smaller) “shoulder” on the “ahead of schedule” side (1.0 to 1.1). Both distributions (Government and non- Government) flatten out very quickly, with only a very small distribution of projects in the very bad (<0.85) or very good (>1.15) areas in each case.
5.5.2 Performance to Budget (CPI)
Plotting the number of projects (asa%ofthetotal) at each CPI value for each of the Government (solid/ blue line) and non-Government (dotted/red line) groups gives the following results:
60.0% CPI
50.0%
40.0%
30.0% gov nongov
20.0%
10.0%
0.0% 0.5 0.6 0.7 0.8 0.9 1 1.1 1.2 1.3 1.4 1.5
Similarly to the SPI data, whilst the non-Government projects (dotted/red line) show a tighter distribution around a CPI score of 1.0 (ie on budget) than the Government projects, the difference is once again, marginal. The variance in performance (eg the width of the distribution) overall is wider than SPI, but, in contrast to the SPI, the “shoulder” on the ahead-of-cost side of the curve is larger than the “behind” (<1.0) side for Government projects.
In other words, the data suggests that, in comparison to non-Government projects, whilst Government projects are marginally more likely to be a little behind schedule, they are also marginally more likely to be under budget.
5.6 Conclusions from this data
Clearly, this data is solely for HP’s project performance during the last two years. We are however confident that it supports our assertion that there is not a significant difference between the performance of Government and non-Government projects during this term.
Based on real data, it can be seen that over the last two years, it is very likely that a Government project will come in between 30% under and 10% over on cost; and between 10% ahead and 10% behind on schedule. Similar figures for non-Government would be 20% under and 10% over on cost; and 2% ahead and 10% behind on schedule. April 2011 Public Administration Committee: Evidence Ev 149
Supplementary written evidence submitted by Cabinet Office 1) FROM ORAL EVIDENCE SESSION ON 30 MARCH (Q587) G-Cloud and Data Centres Q25. How many data centres does government currently own itself? Q26. How many data centres are actually owned by System Integrators and service providers to Government? A survey commissioned by CIO Council during June 2010 identified 220 Data Centres across Central Government. Outside of Central Government, the Police have at least 88 Data Centres, while the estimate for Local Government and the wider public sector is in excess of 600 Data Centres. Information is not currently held which distinguishes ownership for these Data Centres. Confirmation of ownership is planned for early stages of the Data Centre consolidation initiative.
Open Source Q586. Chair: at the end of a long interchange, a note is effectively requested of Ian Watmore asking how many people there are in the Open Source team at the Cabinet Office/ERG and whether they come from the Open Source community Q23. Please confirm the number of people from the Open Source community working within the CO/ERG team. Also, who is on the Open Source Advisory Panel and what is their background in open source? The Cabinet Office has a Grade 6 full-time resource dedicated to Open Source matters. Though the post- holder does not come from the open source community, they have brought a range of skills to the post, which has helped to foster strong links to the community. Accountability for the work delivered by the Grade 6 rests with the Government Chief Information Officer via the Director of ICT Strategy and Policy. Given the importance of Open Source in the ICT Strategy, the CIO Delivery Board is in the process of allocating the responsibility of the delivery of open source actions to a delivery board lead from a large delivery department. This will allow Government to leverage the appropriate number of resources and knowledge base of the particular department to ensure that the Open Source actions can be further developed and delivered. The Cabinet Office has fostered strong working relationships with the open source community. The main portal for engaging the open source community is the UK Public Sector Group. This was originally set up by Open Forum Europe (OFE)65 and is now co-chaired by the Cabinet Office. The UK Public Sector Group (PSG) consists of over 37 individuals representing different organisations with interests in all aspects of open source technology. The Public Sector Group includes representation from the larger open source supplier community including Redhat, Alfresco, and Canonical. There is strong SME representation in the group through organisations such as Sirius and OPUSvL. Academic organisations such as London School of Economics are also represented in the group, as are community groups like the Free Software Foundation Europe. Bi-monthly PSG meetings provide a forum for discussion and feedback and the opportunity for the open source community to identify obstacles to the adoption of open source solutions in government.
Who is on the Open Source Advisory Panel and what is their background in open source? The Open Source Advisory Panel has been established by the UK Public Sector Group (PSG). The panel is currently resourced by five independent expert practitioners, nominated by Open Forum Europe, and approved by PSG. The expert practitioners have all either implemented or procured open source solutions or have detailed expertise in a specific area (eg legal), and who in turn are able to provide access to community specialist expertise, supplier/government contacts networks, and open source users from across Europe. The Open Source Advisory Panel currently consists of: Tod Cury: A Senior Government Advisor to OFE, and is an Independent Open Source Consultant providing independent business and IT consulting to open source industry vendors, government and commercial organisations. He was previously the Head of Red Hat’s UK Public Sector business and has been directly involved in many of the leading OSS implementations in the UK and has advised OGC on their implementation guide for OSS. Alan Bell: The CTO of OFE and has co-authored technical guidelines on the use of Open Source Software in industry. He is Director of The Open Learning Centre which provides consultancy services to small and medium enterprises seeking to benefit from Free and Open Source Software internally, as well strategic advice to businesses wanting to manage their contributions to open projects. 65 Open Forum Europe (OFE) is an independent, not-for-profit organisation, which was launched in the UK in March 2002 to accelerate, broaden and strengthen the use of Open Source Software in business and government. OFE’s role has now expanded Europe-wide and is a strong supporter of Open Standards and openness and pursues the vision of facilitating open competitive choice for ICT users. Ev 150 Public Administration Committee: Evidence
Chris Puttick: Spent the last five years as CIO of Oxford Archaeology and recently moved to providing consultancy CIO services. Specific technical expertise in collaboration solutions, networking, the Internet, remote/flexible working and virtualisation/cloud technologies. Management expertise in strategy, implementing open and flexible infrastructures and desktop, project management and business development. Experience in the public, private and third sectors. History of successful Implementation of IS solutions with open source technologies since 2002, including web-based collaboration and document management, VOIP telephony, virtualisation and desktop applications. Bob Blatchford: He is COO of OFE and included in his responsibilities are OFE’s own IT and web based solutions, as well as leading OFE’s European programmes on Open Procurement within Government. He has a wealth of practical experience of Open Source and Open Standards based procurement issues and best practice, as well as access to a European network of suppliers, user communities and legal expertise. Andrew Katz: Partner in legal firm Moorcrofts LLP. Moorcrofts has a niche specialism in advising clients on all aspects of open source software. As a former software engineer (and qualified NeXT developer), Andrew Katz has himself released software under open source licences. Andrew Katz is recognised as a leader in the field of open source licensing in the UK. He was involved in the drafting of the UK Creative Commons Licence, and has contributed to the GPL Version 3 project. He is also a founder editor and contributor to the International Free and Open Source Software Law Review.
Q540. Chair: Don’t we actually have to press for deregulation of the contracting process and a change to the European Directive? Since this Government came to office, it has taken steps to radically simplify and streamline public procurement. In particular, it has conducted a “LEAN Review” to identify and then eliminate wasteful practices which form part of the procurement processes that are lengthy and burdensome without changing EU rules. Resultant changes are now in the process of being implemented. In addition the Government is also actively participating in the European Commission’s current review of the Procurement Directives. The Government has engaged with Commission Officials since the outset to press the case for radical simplification. Government officials are also working with counterparts in other member states to harness shared interests in simplification. The Commission published a Green Paper on 15 January on the “Modernisation of EU Public Procurement Policy” and an explanatory memorandum was submitted to Parliament on 7 March 2011. A formal response from the Government will shortly be sent to the Commission. These outcomes should free up public procurement markets and enable a light touch, modern regulatory framework. We will continue to work with both public and private sectors to finalise the Government’s response.
2) SUPPLEMENTARY QUESTIONS POST-COMMITTEE Data / Base Lining Q1. Do you have figures for the average price per desktop in government? If so, what is that figure and what is being done to reduce it? There is currently no agreed common definition for a desktop nor method for attributing cost against a definition. We are committed to putting in place a cross-departmental asset register which will incorporate the components of a desktop computing service so that we can have a single definition. Until that is in place, baseline information required in updates to all departments’ Business Plans will include the cost of desktop per FTE and the contemporary definition used by the department to calculate that cost. Reducing desktop costs within the context of creating a common ICT infrastructure is an explicit aim of the Government ICT Strategy. Like much else in ICT, desktop computing solutions have previously been individually crafted for departments, largely using output specifications by System Integrators. A common ICT infrastructure based on agreed, open standards to avoid vendor lock-in and to open up procurement directly from SMEs together with the use of cloud computing to deliver a utility service has as much to offer in reducing desktop costs as it does to reducing ICT costs as a whole.
Q2. Is OGC still operating the Common Assessment Framework (CAF), measuring the performance of major ICT suppliers to the Government on a twice yearly basis? 2.2 If not, why is CAF is being discontinued? 2.2 If so, please supply the most detailed recent tables and evidence from CAF comparing major ICT suppliers’ performance The OGC (now part of ERG) took a decision to suspend the CAF process whilst the role and work of the Crown Commercial Portfolio team was considered as a whole. Public Administration Committee: Evidence Ev 151
The establishment of a network of Crown Representatives in April 2011 and the supporting analysis that will be developed in ERG is expected to provide better insights into supplier performance than was the case with CAF. Any successor to CAF will have to impose minimal burdens on suppliers and departments, while adding value over and above that secured via other routes.
As a result, a new process for the measurement of supplier performance is currently under review. We are working on a model which will be lighter touch than CAF and which will cover a wider range of major suppliers i.e. beyond purely ICT suppliers. Once the review of the proposed plans and approach are completed, we will be issuing guidance to Departments in the next six to nine months.
Contract Renegotiation
Q3. To what extent will existing contracts limit/delay the ability of the Government to implement these reforms?
3.1 What is the average length of a Government IT contract? Which contract that the Government has currently entered into has the latest end date?
3.2 To what extent did the contract renegotiation conducted following the establishment of the Coalition Government allow you to mitigate this risk? Please give examples
3. Existing ICT contracts are not a barrier to implementation of the reforms—on the contrary they have informed our work and helped us leverage several hundred million pounds in savings through the renegotiation programme. Discussed as part of the contract renegotiation programme they informed the proposals agreed in the Memoranda of Understanding (MoU) signed between suppliers and the Crown. The MoUs contain a range of savings opportunities for central government to be delivered in 2010Ð11 and beyond. Cabinet Office has been working with departments to deliver these savings since the first MoU was signed in September 2010.
A key learning point from the renegotiation process was that the government can leverage a better deal from its suppliers by acting as one corporate “crown” customer rather than by individual departments engaging separately with the same suppliers. In view of this, a new model for managing government’s relationship with its key suppliers is being implemented, and a number of Crown Representatives (CRs) have been appointed to undertake this role. The CRs will work with departments to ensure knowledge about performance on existing contracts is shared and taken into account in contract awards, and that the government is able to manage its existing supply base effectively.
The CRs will also work with departments to develop a pipeline view of government’s spend over the next four years (taking account of both existing and new procurements). This will be used to develop our strategy for managing ICT spend more effectively and to formulate plans for more effective engagement with the market working to achieve better value for government in the goods and services it purchases.
3.1 We do not hold contract information for all ICT contracts across central Government. Suppliers submitted details of their revenues on central Government business with some contract data attached. From the data we do hold (covering 17 of government’s top ICT suppliers), it appears that the average duration of contracts is between two to five years. Aspire, through Capgemini, is the largest ICT related contract with the longest duration (13 years from 01/07/2004 to 30/06/2017). However, we would like to caveat that this is not exhaustive as the purpose of the data collection was to ascertain supplier revenue levels in HMG, not detailed contractual data.
3.2 Existing ICT contracts do not pose a risk to delivery as such, but their detail will need to be factored into future plans for managing ICT spend, and the Crown Representatives—supported by the Chief Information Officers who work with them, will be looking to do this as part of their new role. We will take existing commitments into account in developing strategies for engaging with current ICT suppliers and in working to develop new entrants to the public market.
Procurement
Q4. The original commitment was to openly publish OGC Gateway Reviews by the end of 2010. Why has this been delayed?
The Government is committed to publishing assurance data on government funded major projects, including Gateway Review data, as set out in the Structural Reform Plan. Work is in train for the publication, by December 2011, of an annual report on government’s major projects, and we will require departments to publish project assurance data on a regular basis. Further details will be available over the next couple of months.
The Government has already offered unprecedented public access to data and reports through the Management Information (MI) agenda. Our proposals on Major Projects will open up to public scrutiny information on areas of expenditure previously not available to the public. Ev 152 Public Administration Committee: Evidence
Q5. Will the new procurement systems and procedures address the issue of the over-specification of requirements which has been raised by a number of witnesses? This is our plan which we are addressing in a number of ways, for example the streamlined LEAN sourcing processes we are developing in support of all procurement procedures, will also address the specification of requirements part of the process, with the aim to ensure these are relevant to what’s being sourced, with more focus on the “outcome required” from the contract rather than focusing too much on the “detailed technical input”. In addition, plans are now underway to improve the skills of Government Procurement resources through targeted training courses, which will address the need to challenge over specification.
Q6. Will large SIs still sometimes have exclusivity, for big projects? If not, how will the cost of any large capital investments which need to be made by the private sector be recouped? We are committed to opening up Government contracts to a wider range of suppliers in addition to the existing large SIs. We are doing this by breaking down large scale projects into more manageable chunks with a presumed upper limit of £100 million. Whilst we cannot prejudge the outcome of future procurements, we can and will be more open and are already encouraging new potential suppliers including SMEs and new suppliers to the UK to bid for work. It’s up to successful suppliers to plan for how they account for any capital investments and not Governments role to do so. This is accounted for within bid prices from suppliers which then form the basis of the contract, including where applicable and agreed through negotiation, any cost of finance.
Q7. Will the “upper limit” of £100 million take into account the issue of “scope creep” or will there be ways to get round the upper limit by simply incrementally adding more and more elements on to the project once it has started? Our plans are that change within existing and new major contracts must be more transparent and where appropriate channelled through and approved by the Crown Representatives already in place to ensure that any change to initial scope, resulting in an increase in original contract value is transparent, managed and approved before commitment is made.
Q8. Is it the case, as reported, that the Cabinet Office cannot become involved with contractual and procurement discussions without being invited to by Departments?66 If so, how will the new policy commitments on procurement be implemented? If it is not true, what mechanisms exist to compel Departments to comply with the new policies on procurement? Cabinet Office is already providing leadership on the management of strategic suppliers and the major contracts Government has with these suppliers through the recently formed Crown Representatives, and on centralising the procurement and ongoing category management of common goods and services. This work delivered in partnership with Departments has yielded significant results in the region of £3 billion to date and will do so over the CSR. Performance and compliance is being managed more consistently and visibly than in the past in line with the Governments transparency commitments, with reports produced and presented to the Minister for the Cabinet Office (MCO) and Chief Secretary to the Treasury (CST) on a regular basis. New policies and procedures to support these initiatives have been communicated to Departments through delegated authority from HMT and Cabinet Office.
Q9. Does the policy of open standards and open source mean that OGC procurement notices will stop specifying particular proprietary products and will seek to procure, for example, “word processing software” rather than “Microsoft Word”? If so, when will the policy be implemented by OGC This is our plan, as “Government Procurement” works in partnership with “Government ICT” in developing and implementing our open source and open standards actions as contained within the recently published ICT Strategy. Exact timing on when these changes will be implemented within OGC procurement notices will be communicated during the first quarter of 2011Ð12.
Major Projects Q10. Does the MPA include responsibility for reviewing existing major projects and major suppliers, or solely major projects? The mandate from the Prime Minister gives the MPA vital new powers, such as: — the authority to require each new project or programme to complete a Starting Gate Review; 66 See for example http://blogs.computerworlduk.com/the-tony-collins-blog/2011/04/is-central-health-it-spend-beyond-cabinet- office-control/ Public Administration Committee: Evidence Ev 153
— integrated Assurance and Approval Plans for each Major Project or Programme, which will be validated by both the MPA and HMT and will be tied in to funding approval; to escalate issues of concern to ministers and Accounting Officers; and — publication of project information consistent with the Coalition’s Transparency agenda. A major change, resulting from this new approach, will be that for the first time there will be visibility of the health of Government’s Major Projects portfolio and mandated tools and techniques to inform good decision making and an ability to intervene or support projects in difficulty. Thus through this powerful new mandate and by working in partnership with HM Treasury (including Infrastructure UK), the Major Projects Authority (MPA) aims to significantly improve the success rate of Major Projects across Central Government. For some Major Projects this may mean the review of existing contracts and suppliers. However, the main responsibility for reviewing large contracts, as recommended by the Green Review, and managing government’s largest suppliers lies with the recently appointed Crown Representatives and the Commercial Portfolio Team. As both teams are based in the Efficiency and Reform Group (ERG).we will co- ordinate mutual reinforcement where our work streams overlap.
Q11. Who are the members of the MPA? And how were they selected and appointed? The operational arm of MPA has been formed from the Major Projects Directorate (which was formerly part of the Office of Government Commerce) and other parts of the Cabinet Office. It has a skilled team of project specialists who have extensive assurance review experience across a wide range of subject matters. The MPA’s Project review teams will also include accredited Civil Service reviewers sourced from across government who are matched for project reviews based on appropriate experience and specialist skills. The work of the MPA will be supervised by a Steering Group and Board, drawn from experts within government and independent executives. The MPA Governance has a Board consisting of senior stakeholders and external experts to review and challenge MPA’s strategy and operational performance. The Governance structure and the MPA Board’s membership were approved by the ERG Board.
Q12. To whom does the MPA report and what authority does it have over government departments? The Major Projects Authority will report to the Efficiency and Reform Group Board which is chaired jointly by the Minister for the Cabinet Office and the Chief Secretary to the Treasury. Whilst the MPA is supported by a mandate issued to departments by the Prime Minister early in 2011, its strength is derived from a partnership between Cabinet Office and Treasury which means that HM Treasury approval will not normally be granted if suitable assurance is not being carried out, or will be granted under strict conditions regarding future assurance. The MPA will work closely with each Department to agree how the requirements can best be implemented in their environment.
Skunkworks Q13. Who heads up the skunkworks team? Q14. To whom does the skunkworks team report? Government skunkworks will report to the Director of ICT Futures (currently being recruited), but in the interim reports through the Director of ICT Strategy and Policy. Mark O’Neill, CIO at Department for Communities, and Local Government (CLG), is the interim Head of Skunkworks. We are in the process of appointing a permanent Head of Skunkworks.
Q14. What overall headcount does skunkworks have? Q15.1 How many are civil servants? Q15.2 How many are external resources? The current overall headcount for skunkworks is three, of which two are civil servants and 1 is an external resource. We are currently assessing resourcing requirements and a draft business case is under consideration. The business case has identified a team of eight within the skunkworks team, all of whom would be civil servants.
Q16. What is its annual budget? Q17. How much of the budget is allocated to commissioning projects from external sources? A business case for future resourcing of skunkworks is currently under consideration. Every skunkworks commissioned project will have its own supporting business case and bid for resources. Ev 154 Public Administration Committee: Evidence
Q18. How will the skunkworks achieve behavioural/cultural change? The Government Skunkworks will work in partnership with the Major Projects Authority (MPA) to embed a new approach to the way Government designs, sources and delivers ICT solutions as part of the spend control process. Skunkworks will also provide a new channel to engage with SMEs and developers to deliver cheaper and more innovative ICT solutions. It will also work to embed agile methods into the procurement and delivery of ICT solutions.
Q19. How will outcomes be measured or otherwise audited? Government is currently reviewing how best to measure and audit outcomes delivered by skunkworks. Once we have decided how to do this we will look to publish our performance data, in line with the Government’s commitment to increase the transparency of the way we work.
Use of SMEs Q20. In oral evidence to the Committee, Mr Watmore stated that SMEs were being encouraged to work with government in two ways: either directly, or by subcontracting via prime contractors. (see Q520 and Q537). However, the Committee has received evidence demonstrating that Government Departments are currently telling their SMEs that the Cabinet Office Efficiency & Reform Group (ERG) has instructed them to switch away from their existing direct SME contracting arrangements to procurement models operated by either the Department for Work and Pensions (DWP) through Capita on the Cipher contract, or the Home Office CIX service for the procurement of all IT contractors and interims. Is this the case? How does compelling SMEs to work for large IT and IT services suppliers help deliver the policy objective of a more diverse and open marketplace where SMEs can work directly for government departments? What market analysis or benchmarking has been conducted to show that this is the best and most cost effective route for central government departments? As part of the centralising government procurement programme, supply chains for contractors and interims are being simplified to deliver better value for money and more detailed management information to better inform future procurement decisions. Spend is being channelled into three current channels: a) existing framework contracts where spot buying is undertaken centrally (this is known as Home Office Cix), b) department-specific arrangements based on their unique needs (such as FCO’s arrangements with Hays) and c) an existing contract with Capita, owned and managed by DWP and available to all government departments. This contract leads to around 80% of all spend being channelled to SME providers and that every requirement is advertised and available for open competition. In effect the Capita service has been replacing small but more costly contract staff agencies. The analysis undertaken by ERG demonstrates that channelling spend in this way results in better value for money and facilitates the development of an open market in which SMEs can work with government to help deliver cost savings.
Q21. The Buying Solutions Multi Disciplinary Consulting (MDC) Category with large government suppliers has been extended for another year. This is apparently in breach of legal requirements, taking a maximum four year contract into a fifth year. Is this the case? 21.1 On what legal basis is this contract being extended? 21.2 How does this decision to extend an existing contract with larger suppliers to government fit with the policy of opening up government procurement to more SMEs? 21.3 As Buying Solutions has recently competed 26 other Management Consulting and Accounting Services framework contracts why was the MDC contract not re-competed at the same time? After consultation, Buying Solutions considers that there are sufficient circumstances that justify an extension to the current framework. The Buying Solutions MDC contract is widely used within central government, more so than any other framework contract for consultancy. In order to safeguard front line delivery that might be dependent on the services provided via this contract, a decision was taken to extend the life of the contract for a short period of time whilst Buying Solutions create a more suitable replacement. Buying Solutions are currently working on a new, replacement procurement process that will include seeing all requirements for consultancy below £100k to be completed on the open market. This will provide an opportunity for all suppliers to win government work not just those within framework contracts. The new process is anticipated provide more frequent competition and greater opportunity for all firms; including SMEs to win Government work. Buying Solutions has not recently competed 26 other framework contracts. The Management Consultancy and Accounting Services framework is a single framework that was compete approximately two years ago. Departments have used this framework to arrange call off contracts from as they do the MDC framework. Public Administration Committee: Evidence Ev 155
Governance Q22. Although the evidence from the Minister for Cabinet Office (IT 56) stipulates that they will require SRO’s to stay in post until an appropriate break point in project/ programme life, they do not state how this will be ensured. Please confirm how this stipulation will be successfully implemented. Government ICT will publish as part of the ICT capability strategy how we, working in conjunction with the Major Projects Authority, will implement this. This will require consultation with departments and wider stakeholder community and appropriate Ministerial committee clearance. The Capability Strategy is scheduled for publication in autumn 2011. April 2011
Printed in the United Kingdom by The Stationery Office Limited 07/2011 010970 19585 PEFC/16-33-622