Select Committee on Education and Skills Minutes of Evidence

Examination of Witnesses (Questions 420-439)



  420. That seems to be different from what you were saying earlier.
  (Mr Pilling) I do not think it does. I think the point is that a number of changes were made in the scheme during the life of the scheme.


  421. The point is that you keep saying that you were partners with the Department and you are very experienced people and what we are quite horrified about is now you are telling us that you could see this great big problem because the accredited providers were not really accredited at all, but they just got on just by filling in their forms, so the whole system was open to abuse from the very beginning, yet no one in Capita said, "This is going to have real repercussions of potential fraud".
  (Mr Pilling) Certainly I have said on previous occasions that we had still to sit down with the DfES and discuss together our concerns.

Paul Holmes

  422. Can we just back-track then. You have spent a lot of the first half of this session saying that you were paid £50 million to implement and administer a scheme which was devised by the Government which seems to imply that there was no quality assurance, as the government officials more or less told us a few weeks ago, there was no quality assurance because they wanted to expand it to other training providers, new areas and all the rest of it, so you accepted that there were no quality controls in the Government scheme, but that was not in your contract to do; you were just there to administer the contract they gave you. You are now saying to us that you set up a scheme which you were responsible for administering which was so open to abuse because there were no quality controls on the learning providers in the first place.
  (Mr Pilling) I think it is the terminology of "scheme" and "system". There is the overall scheme which has been abused. We are talking, I think, about a system, which is the most recent incident of actually being abused based on the IT system itself. That particular abuse is the most recent item and that was picked up and identified by the DfES and alerted to us very quickly. We would have picked that information up in the management reports which we were giving to the DfES at the end of November and we would have been able to identify with them which of the learning providers were abusing the system in that way and have been able to track them.

  423. You are saying that it could be abused in that way whether it was 21 November that it was picked up or whether it was the spring of that year or whatever. It could be abused that way and you did not have safeguards against it because you assumed the training providers would be accredited, legitimate people and yet you have spent the first half of this meeting saying that the fact that training providers did not have to be accredited or quality controlled in any way was not your responsibility, but the Government drew that up, you accepted it and we have already had debates about why, when you have got experience in administering the benefit system which is open to fraud, you did not say right at the start, "Hang on a minute, this is wide open to abuse".
  (Mr Doyle) Denyse did mention earlier as well that in the original specification there was the opportunity to make use of an existing database of accredited learners. When we started to build the scheme, the opportunity was still there and that was what we hoped was going to be used. Later, as Denyse explained, we were unable to use that partly because the two systems did not fit together and we could not merge the two databases and, secondly, because it was a tiny proportion of what was now becoming a large population.

  424. So your company with a wide experience of running things like the benefit scheme did not say to the Government at that point, "We can go ahead in this way, but it is going to be wide open to abuse"?
  (Mr Doyle) Well, no, not at that point in time.


  425. Is it ever on the record that you said that?
  (Mr Doyle) I would have to go back and check the records.

Paul Holmes

  426. Why did you not at that time? If it was going to be so obvious, were you not negligent in not saying that?
  (Mr Doyle) It was not completely open to abuse. To my knowledge and from the evidence we have been presented with so far, we have not seen any abuse of the IT system in the early days yet. Now, someone may come back and tell me that at some point, but at this point in time we have no evidence of it and we have not been advised of anything. There were checks in there around the management reports at the end of the month in terms of being able to see trends and to see if people were blatantly abusing the system and indeed the event that Simon refers to would have been picked up through those audits and major management reports. I did make the point earlier when you asked me where did I think we were at fault, one of the things that I said was that I did not believe that we acted quick enough in terms of the system in the light of the abuse that came out in November, but we could have gone back and returned to the systems and started to make them more robust. We did not do that. The only evidence that we have so far, and this is talking about the IT system and abuse of the IT system as opposed to the other things we were talking about earlier, the only evidence that we have so far and, as the Committee is aware, there is a report being prepared by Cap Gemini at the moment and the Department of their investigations, so—


  427. Pardon?
  (Mr Doyle) Cap Gemini. I believe in a previous Committee you were told about that. We were hoping we would have that last week, but unfortunately it has not appeared, so we do not know what that is going to say yet, but in terms of our own investigations, the only abuse of the IT system—

  428. Are Cap Gemini not the same people who are your accountants?
  (Mr Doyle) No.

  429. Are they not part of Ernst & Young?
  (Mr Doyle) No. A part of Ernst & Young went over and joined Cap Gemini to become Cap Gemini Ernst & Young

  Chairman: I am just checking on any Enron parallels here!

Paul Holmes

  430. Just to recap then, the Government set up a scheme which had no quality assurance on the learning provider. All the learning provider had to do was send in the name and address basically. There was no check even to check whether they had one computer or 100 computers in that training station. There were no checks at all. You, with all your experience of working in these areas, including housing benefit where there is a lot of benefit fraud, did not say to them clearly right at the start, "Well, yes, we will administer this scheme, but it is going to be wide open to abuse". Secondly, you did not build in safeguards so that a rogue learning provider would be stopped from just working out whole strings of ILA account numbers once they had got access to one number. So did you not fall down twice? Once was that you did not tell the Government clearly at the start, "This could be open to abuse. I will do what you are telling me, but it could be open to abuse", and, secondly, you did not build safeguards into your system to stop it being abused in the way that apparently it was on 21 November.
  (Mr Doyle) I have got to come back on that again. At the very start when the system was being built, we believed that we were going to be hooking up to a database which was accredited. By the time the decision was made that that was not possible and it was not going to happen, the system was built.

  431. So you did not feel at that point, "If we cannot use these old authenticated learning providers, this system can now be abused"?
  (Mr Doyle) That is a fair criticism. At that time we believed that the management reporting at the other end of the system would pick up any major abuse of the system. Now, as time has gone on that is obviously not appropriate and I have already held my hands up to that and said, "This is the way we should have done it". The other thing is I have to come back and say that at the moment with the information that we have available to us and with our investigations, we only have this incident in November where the IT system has been abused. The number of providers that we, through our analysis, reported to the DfES are six. Of those six, two, we feel, could be bona fide users of the system. There are four which we are particularly concerned about.

  432. You mention the 21 November incident where a CD-rom was for sale, but your consultants who were doing some checks on account holders, they said that in the early autumn you gave them a load of numbers of people who had used their accounts. They rang up a sample of them to see what they thought of the system and clearly a large number said, "I've never used my account", and your accounts of it were saying that it was either down to dodgy information from you or it was fraud that their accounts had been entered when they had not used them.
  (Mr Doyle) That is something different. There is no proof that that goes back to the IT system, and we have our own people who were coming to us and saying, "I don't understand this. I have got this account and someone has told me, but I've not used it", or, "I never set this account up in the first place", and that goes back to a number of these other issues going on around people being signed up without them knowing they were being signed up, accounts appearing without anybody even knowing they had any account and then suddenly something comes through their door to say that they have used it, so there were a number of other issues going on and that does not necessarily refer back to the IT system.

Mr Shaw

  433. You have gallantly held your hands up, Mr Doyle, to a number of questions, saying, "Yes, we got things wrong with the benefit of hindsight and if we were starting again, sitting down with our partners, the DfES, to devise a new scheme," and indeed you may well be involved in a successor scheme, "we would not have started where we are now, but we would have learnt the lessons". That is fair enough to some extent. I wonder what lessons did you take from information that was already available perhaps with the DfES and indeed the public and companies such as yours about IT fraud in setting up the scheme. The Treasury publish every year their Fraud Report and I wonder if you are aware of this. What lessons did you learn before setting up the scheme?
  (Mr Doyle) I think in terms of the level at which people believed that security needed to be aimed at around this scheme was at a reasonably low level because of the way the scheme was designed. Looking back on it now, we can all say that that was incorrect, but that was where it came from, so there was a low level of security agreed and we were party to that, absolutely. I am very aware of the report you have in front of you there and we are an extremely open company and, in other contracts that we have with the Government, we work very closely with the Government's own specialists in this area. Indeed, whilst we would say that we are specialists and we are professionals in this area, this is a particular area where you can never know too much, there is something going on somewhere else, somebody is inventing some other way of hacking into an IT system which people who are working with us will not see, so we are very happy to work with experts and we do indeed work closely with the Government's experts and with third-party experts to share in that information.

  434. They did not need to know too much to hack into your system, did they? The other thing is that as long ago as 1998 the Audit Commission were saying that computer crime was on the increase. Were you aware of that?
  (Mr Doyle) Absolutely, yes. This system does not have cash flowing around in it. To my knowledge, again I have to come back because I have not seen the report from Cap Gemini, but to our knowledge around the IT system the only evidence that we had of abuse in the system was around that November incident. I have already said that it was four providers. To my knowledge, no money has been paid out to any of those providers.


  435. To your knowledge, no money has been?
  (Mr Doyle) Has been paid over to those providers as a result of that incident, so we are not talking about masses of money flying out of the system here and there being absolutely no controls which cannot trap abuse of this type. What I am saying is that it is after-the-event trapping at the moment, whereas with what we know now, you would want a system that would trap it at the time of the event or very close to the time of the event.

Mr Shaw

  436. In your discussions with the Department officials, did they ever say, "We think we have overspent by £30 million"?
  (Ms Metcalf) I do not think they used those words.

  437. "Oh my God, we have overspent by £30 million"!
  (Ms Metcalf) Because we had a close relationship with them and because, as the Chairman pointed out, I have some knowledge of government spending myself, I was aware that they had been seeking supplementary estimates, but I was also aware that that had been granted.

  438. Certainly one official had been seeking supplementary estimates.
  (Ms Metcalf) So we were aware that the scheme was seen as a very successful scheme and engaged a lot of people in learning. That was not seen as a negative at that point.

  439. So you were aware of overspend. Last week we heard from Mr Hall from the Learning and Skills Council and he told the Committee that he advised the Department of the risk of abuse in May 2000. Were you aware of that?
  (Ms Metcalf) Not personally, no.

previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2002
Prepared 19 March 2002