WEDNESDAY 24 JANUARY 2001

MRS MAVIS MCDONALD CB AND MR BRIAN GLICKSMAN

  80. A number of people have commented on this ending up just being a process rather than getting to the heart of the issue. I see this in some ways as this great difficulty of the differences between a classical bureaucracy and a management. One of the things that came up in my mind was about encouraging—I use that word advisedly—civil servants to be able to carry out this well managed risk. How do you do that? Can they be entrepreneurial in that sense in a bureaucracy?
  (Mrs McDonald) I do not quite know what you mean by "entrepreneurial". They can certainly be innovative and come up with new ideas and new approaches.

  81. Does a bureaucracy prize that sort of activity? Is that whet gets you brownie points in a bureaucracy, being that innovative?
  (Mrs McDonald) It depends what the culture of your bureaucracy is like. The immediate criticism of the Civil Service has been that they are risk averse in a negative way. I do not think anybody is criticising them for trying to control money well, but they have been negative in some senses and they might often have used the kind of framework within which they are operating to judge that.

  82. You used the words "tight control", words that are often used with bureaucracies. Yet, if you pose that against flare, innovation, managerial skill, is there a tension there? How do we get the tight control that bureaucracy operates under with all the other facets that you are looking to develop in this well managed risk?
  (Mrs McDonald) I do not think there is a tension there. There are some things that you want to control tightly like the way you manage a big IT project or the way you manage any other kind of procurement or works maintenance programme. In terms of how you develop thinking about the way you might move forward in various ways, you do want to be innovative. What you want to ensure is that you have a culture that rewards that innovation and encourages it, by accepting that that is a style of behaviour and a necessary part of your senior management leadership that will cascade through the organisation on some of the things I mentioned earlier in the Civil Service report programme about trying to do that. It is about judging on those behaviours being a normal part of the formal appraisal and the way in which you get paid that is part of the package that was being developed in the Civil Service report programme.

  83. What we are doing in terms of managing risks seems to have been developed and adapted from the work that previously has been done in the private sector. That is very much commented on in the reports. Yet, people have talked a great deal about the differences between the private sector and the public sector. I would mention just two complexities in terms of the objectives that you are trying to achieve in the public sector, much greater than the private sector. Often you are looking for balance of perhaps even conflicting objectives in the public sector; whereas that happens much more rarely in the private sector. Now that we have taken whatever good advice or good practice that we can get from the private sector, do we really need to go back for a much more fundamental look about what is needed in the public sector, rather than just trying to ape what the private sector have done so far?
  (Mrs McDonald) What we are trying to do is two things. One is to pick up on Turnbull and the concept that risk management should be about the whole of what you are doing, not just about the little bits that you might think are risky, and embedding the approach about business management is designed to follow that through. The financial system of risk management is part of a wider shift that is going on with the introduction of resource accounting and budgeting. It is an opportunity to pull those two frameworks together.
  (Mr Glicksman) The point you are making is very valid. One of the reasons why we are introducing statements of internal control a year after the private sector is because it took us some time to think through the differences between the private sector and the public sector in this area. The Turnbull Report that led to statements of internal control in the private sector said, quite explicitly, that in the private sector profit is to a large extent the reward for successful risk taking. In the public sector, you are working in a completely different context but, in the public sector, we have better services to the public as a reward for successful risk taking. There is still an equivalence, even though it is not the same. The view we came to was that the emphasis in the Turnbull Report on risk management as a means of providing assurance to shareholders about the way in which company business was managed was just as important in the public sector. It is a different context, but the message is just as important. We have been careful to try and extract what was relevant from the private sector before we tried to apply it to the public sector.

  84. Can I take you on to competence? This is something we have come back to again and again in some of the reports we have done previously. What I am thinking about is a realistic, rational evaluation of whoever is carrying out the risk assessment about the competence of the various alternatives that are available. Let me give you an example. In some of the IT projects that have come back and forward to this Committee, it has been clear that the department putting together the project did not have a very good idea of what competence was available in the private sector to deliver whatever the IT project was. We will take immigration and nationality. There was no way Siemens could deliver the complexity of project that they gave them. There was a failure there; there was also a failure in the public sector itself to specify—and there should have been some recognition there when they were drawing that up—that they were not competent to do that. Have we a rational view of competence that can really allocate risk properly? Are we competent to decide whether we are competent or not?
  (Mrs McDonald) Hopefully, we are increasingly competent. There is a lot of experience around. In the Office of Government Commerce, we have a concentration of independent expertise that departments can pull in and draw on and that ability to read what suppliers give to you if they are coming in for tender is one of the areas in which the Office of Government Commerce is going to concentrate as part of its improvement programme. We are certainly looking at it on the IT side.

  85. The new view—it has been very much pushed by the National Audit Office and this Committee agrees with it—is that you break very complex projects up into smaller packages and evaluate them as you go through. That seems to me a very sensible way to now order this type of project, but it still leaves you with the problem if there is not the competence in the private sector to develop the IT projects. Our public services are littered with failures to fully estimate the competence of the private sector to deliver. If you are not specifying each part of that project because you do not have the expertise internally, even though you might call on outside experts to assist you with that process, are we being entirely rational and realistic about our abilities here?
  (Mrs McDonald) We recognise that one of our risks in this developing area is our access to that kind of skill. It is something we have been giving some thought to, which is why we need to pull in other independent advice to help us understand how we deal with contractors. We are talking of IT but it is just as critical in large scale construction contracts and so on. That development of an intelligent customer capacity is clearly an important skill in the Civil Service to check that it has. I think the picture varies.
  (Mr Glicksman) The report that Peter Gershon did that led to the setting up of the Office of Government Commerce did highlight these points that you are making. One of the reasons for setting up the Office was to try and address those problems.

  86. Can I go on to whether or not government departments are fully committed to the processes outlined in this report? Clearly, as to the Cabinet Office and the Treasury I do not think we are calling into question their commitment to it. Are you fully satisfied that every single department is fully on board, understands the issues and is processing—I use that word not in the sense that we used it earlier on—and ensuring that this evaluation of risk and proper management of risk is becoming part of their departmental culture?
  (Mr Glicksman) The returns that we had from the progress reports that we asked for last year have shown that every main department has an awful lot of activity underway now to try and introduce these new systems and to address the deficiencies in risk management of the sort that were identified in the NAO survey. I am confident that there is an awful lot of activity going on and that, hopefully, the proof will be in the pudding and we will see that emerging over the next year when accounting officers have to sign off statements of internal control.

  87. I was going to ask you about good risk management practice. Let me give you an example. I went to the Immigration and Nationality Department for entirely different reasons because I happen to have a very large number of asylum seekers living in my constituency. I went to see how they were dealing with the cases that I know are taking an enormous amount of time. As an adjunct to that, we have touched on the Siemens system that they are supposed to be introducing. I never had an evaluation of where they are getting to but the superficial impression that they gave me was that they are not much further forward than they were when the whole thing came to us previously. Are we improving practice in the Home Office in terms of delivering that project which is now years out of date? I do not want you to comment on that particular project, but are you sure in terms of the outcomes that are being delivered as you are introducing these new practices and that you see improvement?
  (Mrs McDonald) There are something like 12 projects currently undergoing one of these independent gateway reviews. There is a larger number that the E-Envoy's office have already said will be in the programme that they will keep an eye on and monitor. All we can do is promote best practice and ensure people are working with us. Obviously, we do not know any details about that particular project. The real aim is to ensure that things that are in the pipeline now and being developed are developed and run in a much tighter way according to these principles.

  88. I have two questions for you arising from what has been talked about in Committee today. The first relates to Mr Williams's rather pertinent point about politically inspired risk arising from the minister's requirements, whatever they may be. The current letter of direction criteria effectively assume certainty when dealing with any project. The accounting officer then makes a judgment as to whether it is value for money for the taxpayer and seeks a letter of direction if it is not, in his or her judgment. I do not want you to answer this immediately but I would like you to look at whether or not the Treasury has a view as to whether it is appropriate to alter that to take into account the possibility that if a minister says we have to do this in two years flat—take the railway case—should that trigger a letter of direction and, if so, should we alter the wording of the criteria accordingly? I will tell you now that we will be discussing this in Committee in a few weeks' time, so the quicker you come back to me on that the better. The second question is on the question of risk transfer permanence, triggered in effect by your example of the Royal Armouries. There clearly is an issue here that, where a project might fail completely, whether it is the armouries, a hospital or whatever, it may well turn out to be unacceptable to the government of the day, even if it is a different government, that that should be allowed to fail. The only circumstance under which that is financially risk free, let alone service risk free, is if there is some escape clause or free reversion clause back to the government of the assets involved and probably the going concern as well. Instantly, if you had that in your PFIs, for example, that would produce a financing problem for the provider of the PFI because he has nothing to put his security on. Could you have a look at this whole question of the permanence of risk transfer in catastrophic failure circumstances, the company going bankrupt or something of that order, and let us know what you think the implications of that are for particularly PFI, PFI expenditure being treated as off balance sheet—i.e., not on the PSBR. It seems to me that that is quite a serious issue which we are only just tripping over now with the first major failure of PFI, namely the Royal Armouries. Could you do me a note on that too, reasonably quickly, if possible.
  (Mr Glicksman) Before the Royal Armouries hearing next week?

  Chairman: Ideally, but I will understand if you do not quite hit that deadline. We may have already made up our minds by the time we get the note. It just remains for me to say thank you both very much for coming. It has been a rather more interesting session than I thought. I thought it might be rather dry and theoretical but it has been quite interesting. Thank you very much for coming. The Committee will now go into closed session.