APPENDIX 3
Supplementary memorandum submitted by
Capita Group Plc
INTRODUCTION
1. Capita welcomes the opportunity to submit
this memorandum of supplementary evidence. This complements the
oral evidence given by Capita's Executive Chairman and Director
of Policy and Public Affairs at the Committee's meeting on 4 November
2002.
2. Capita regrets that such an innovative
and creative scheme has had to be stopped with the resultant losses
for learning providers, lost training opportunities for learners
and such high levels of fraud and inappropriate use of public
money.
3. Capita wishes to contribute to all inquiries
into the scheme and identification of the lessons arising from
it, as well as with the current criminal and other investigations
which are being undertaken.
4. Capita believes the shortcomings of the
ILA scheme hold lessons for all future public private partnership
schemes.
CAPITA'S
ROLE AND
RESPONSIBILITIES
5. Capita administered specific elements
of the ILA scheme, in accordance with the specification and business
rules set by the DfES.
6. Capita's role in the administration of
the system and elements of the scheme in England was to:
process account holder applications
and issue membership forms via a call centre
process learning provider registration
applications at an administration centre
produce a "claim for incentive
payments" file for each learning provider for approval by
the DfES
issue forms for membership cards
and account holder "welcome packs" via a subcontractor
called Standard Group which operated under Capita's direction
develop, implement and operate the
computer system in accordance with the DfES requirements to support
these processes via Capita Group's Data Centre
allow access to the computer systems
by approved learning providers approved in accordance with the
Department's Business Rules Handbook so that they could register
account holder applications for learning and confirm commencement
and hence a claim for the appropriate level of incentive payment
produce management information and
audit reports to the DfES to agreed formats and agreed schedules
undertake the responsibilities of
Data Processor as defined in the Data Protection Act.
7. Capita was not responsible:
(i) for the decisions not to:
verify or accredit learning providers
verify that account holders have received
learning for which provider payments have been claimed and/or
made
evaluate the quality of the learning,
(ii) under the contract for:
making the payments to the learning providersthis
was undertaken by the DfES;
pursuing fraud enquiries directlythough
Capita passed on any suspicion evidence of abuse or fraud to the
DfES.
8. The DfES retained responsibility for:
determining policy and the composition
of the project board (the Department chose not to include Capita
in the project board, thereby seriously diminishing the opportunity
for their private partner to influence the decisions made);
setting the business rules and processes
including quality assurance of the learning and learning providers;
ensuring the verification or accreditation
of learning providers (although the Department chose to drop this
activity in order to attract larger numbers of new learning providers
and so grow the market);
making and authorising payments to
learning providers;
monitoring the performance and effectiveness
of the scheme (Capita provided management information to the DfES
to support this);
client monitoring and management
of the contract with Capita; and
undertaking the responsibilities
of Data Controller as defined in the Data Protection Act.
9. Although this was meant to be public
private partnership the DfES chose, as the National Audit Office
report found, to treat Capita as a contractor and excluded Capita
from the project board. This meant that the DfES was unable to
benefit from Capita's operational expertise and experience as
would be standard in good partnership arrangements. Capita sought
membership of the project board on several occasions, but was
denied this. (C&AG's Report para 2.23.)
10. An official who was not a member of
the project board, and who reported to a member of the board,
managed the contract relationship between Capita and the Department.
Escalation of concerns was difficult because of these arrangements.
11. In Capita's view, this lack of partnership
was a fundamental cause of the problems that arose. It prevented
risk transfer to Capita and prevented Capita from having the opportunity
to escalate swiftly concerns, which it identified as the scheme
was implemented and after it became operational.
12. Capita accepts that it should have circumvented
the contract management arrangements and relationships put in
place by the Department, and that it should have made attempts
to raise its increasing concerns about the integrity and progress
of the ILA scheme with senior DfES officials and Ministers.
13. Capita is so concerned about the impact
of a lack of effective partnership between client and provider
that it would have to seriously consider whether it would be appropriate
to bid for any future central Government contract unless the partnership
arrangements are changed, demonstrating commitment and capacity
within the procuring department.
MAJOR ISSUES
Policy and Business Processes
14. It should be noted that although the
original target was to have been 1 million learning account holders
by March 2001, by the time the scheme was suspended in November
2001 there were in excess of 2.5 million account holdersthe
vast majority of which were legitimate. The scheme also led to
the development of the learning provider supply market and to
market diversity. This was an indication of the value of the scheme
and the importance that people were attaching to learning and
training.
15. Capita was selected as the service provider
for elements of the ILA scheme as a result of a competitive procurement
process. Although the set up period was challengingly short, Capita
was able to ensure that the scheme was operational in accordance
with the Department's timetable. Capita had existing infrastructure
and expertise in successfully setting up major schemes such as
this one to tight timetables. For example, Capita established
the Theory Driving test within six months.
16. Immediately prior to and in the early
weeks of the operation of the scheme, the DfES made some changes
to the original business rules for which the ICT system had been
designed to support. These included the dropping of requirements
for validation of learning providers, and authenticating the addresses
of account applicants. These changes weakened the integrity of
the overall ILA scheme.
17. The lack of verification of account
holders' addresses make it easier for illegitimate multiple applications.
Capita brought these to DfES attention seven days after the start
of the scheme in September 2001, but was told by the Department
that it was a low priority.
18. The Department, in response to requests
from learning providers, introduced "blank" application
forms. Originally learners had been expected to apply for membership
by contacting the ILA centre and then receiving a partly completed
form. Capita was concerned that the use of these "blank"
forms could lead to abuse of the ILA scheme. Capita raised these
concerns throughout the contract, and especially in April and
June 2001 when the level of activity increased significantly.
19. Capita kept logs of all activity on
the system, but did not have the controls to prevent or detect
unusual behaviour as it occurred, as the NAO Report rightly finds.
It goes on to state that Capita had requested the Department to
consider such a control as a matter of priority, but that the
DfES decided against pursuing it at that time (C&AG's Report
para 2.49)
20. Capita regularly provided the Department
with a range of management information on service provision, as
required and specified by the DfES. According to the NAO Report,
the Department did not have the capacity to study and act upon
this information. (NAO Report card 3)
THE IT SYSTEM
AND SCHEME
SECURITY
21. The failings in the integrity of the
ILA scheme resulted from the policy and business rules on which
the overall ILA scheme was based, and not from any inherent insecurity
in the IT system.
22. The computer and associated IT systems
that Capita implemented were discussed and agreed with the Department
and its advisors. They were designed to enable access for a closed
community of learning providers for legitimate purposes, using
an individual User ID and a password, in accordance with the Department's
policy.
23. The IT system met contemporary industry
standardsISO/IEC 17799:2000.
24. Capita expected existing databases would
be used to accredit learning providers and the learning courses
they offered. The DfES chose not to do this. The Department subsequently
proposed that learning providers would be a closed community of
learning providers. Without prior accreditation, all learning
providers were therefore placed in a position of trust in relation
to the quality and appropriateness of learning they offered, and
the way in which they could claim incentive payments for providing
learning. Capita raised this with the DfES as a concern.
25. The ILA Account Holder number was designed
as a membership number, based on a sequential number plus a check
digit, in accordance with the ILA policy and business rules and
not as a security measure.
26. The issuing of account statements to
account holders would have provided an additional security check
for the scheme. Originally these were meant to be issued annually,
but the Department delayed their use in July 2001. Capita also
suggested that statements be issued on a more regular basis as
a means of ensuring that account holders would be able to confirm
that they had received training for which payments were being
made. An additional security check was that payment would be authorised
by and transferred from the DfES following its approval of the
claims for each learning provider.
27. On 24 October 2001, the Secretary of
State for Education and Skills, Estelle Morris MP, announced the
suspension of the ILA scheme in England due to the requirement
to assess value for money and concerns about the promotion and
sales practices of some learning providers, and not due to concerns
about the IT system.
28. On 23 November, the DfES informed Capita
that there was an allegation that account holders' information
was being put up for sale, and that a Capita employee might be
implicated. Capita immediately complied with the DfES' instruction
to close the system in order to protect the public interest and
to allow for the necessary investigations, which initially focussed
on this incident.
29. There is no evidence that any Capita
employee was involved in any inappropriate access to the system
or in supplying any account holder information improperly or illegally
to a third party. (NAO para 3.8)
30. There is no evidence of any security
breach of, or "hacking" into, the system by a third
party who did not have legitimate access to the system.
31. The actions to extract large numbers
of names took place during November 2001 just prior to the scheme
closedown. Providers had already been notified that the scheme
would be shut down, resulting in a high access rate to the system
to record and confirm mainly legitimate activity.
32. It would appear that in one weekend
in November 2001, account holder details were obtained by an elaborate
and inappropriate use of the system by at least three accredited
learning providers, acting in collusion.
33. Learning providers had access to account
holders' names and addresses for the legitimate purpose of verifying
that they had credit in their ILA and that they were registered
learners in accordance with the business rules.
CONCLUSION
34. Capita recognised the value and importance
of the programme and was pleased to have the opportunity to support
the Government's policy of Individual Learning Accounts through
the development, implementation and operation of the IT system
and the administration of the defined business processes.
35. Capita's investigations have produced
no evidence of any improper or illegal activity by any Capita
employee, or any unauthorised access to the scheme. Capita continues
to co-operate with all the investigations and inquiries on the
ILA scheme. Capita made a range of evidence and information available
to the NAO.
36. Capita would be pleased to supply any
further information that the Committee may require.
37. Capita believes there are clear lessons
from what has occurred:
(i) Any public private partnership must be
a true partnership: private partners must be members of the project
board, which should comprise senior personnel from the procurer
and the provider partners. They must also have access above board
level to ensure the scheme benefits from their advice and expertise,
and that any arising issues can be swiftly escalated, if necessary
to senior officials and ministers, and so resolved.
(ii) Whenever policy or business rules are
changed, there should be consultation with the service delivery
partner, and the full implications of these changes on the security
of the project and the IT system should be identified and taken
into account.
|