Good Governance - Effective use of IT

Written evidence submitted by Peter Buchanan, think gov (IT 15)


Good Governance: the effective use of IT, Issues and Questions


The consultation paper asks for answers to twelve questions, but as they are focussed on Information Technology (IT) rather the reasons why the Government is not making effective use of IT I have included preliminary sections explaining:

· Why business must come first

· How that can be achieved

In section three I have put answers to all 12 questions and concluded with a short summary.

1. Why Business must come first


a. There are very few Information Technology (IT) failures, but plenty of examples where a public sector business change project using IT has been mismanaged.

b. Without Information Technology the vast majority of public and private sector organisations would either do less or employ many more staff. A useful analogy is going without trucks and using horse drawn carriages, and does anyone think that is realistic today?

c. We are now in an age where most organisations are unable to operate if their Information Technology is not working. Information Technology is a ubiquitous tool, and it is hard to imagine a business change that does not involve changes to the Information Technology that supports it.

d. Typically two thirds of the cost of what are described as IT projects will be for non IT expenditure. Even a simple web site needs staff trained to maintain it and publicity for users to find it.

e. Talking about Information Technology (IT) projects is to fundamentally misunderstand the nature of using IT. Worse than that it has the effect of corrupting what should be a business change by starting it from an IT perspective. For example, taking something as simple as a web site there is the world of difference in what will happen when:

· A business decides to have a web site and ask business users to provide content, or

· Business users decide to communicate and collaborate with Internet users

In both cases a web site will be developed, but the second one is likely to be much more valuable. In reality most of the web sites you regularly use will be in the second category.

f. To hammer the point home, another analogy. In a room at home you need a new cabinet, would you ask a carpenter to build something? Or would you decide what you want and take a few sketches to a carpenter? In the same way as you would lead at home the business must lead at work, so don’t leave important projects to the carpenters (or IT specialists).

g. The next paragraph looks at the key steps that need to be taken to put the business first and ensure that Information Technology is used to best advantage.

2. How to put business first


Before attempting to answer the questions I have listed the sequence of steps in a business change that I believe are necessary for the public sector to put the achievement of business outcomes first. This provides a logical basis for my answers to the twelve questions posed by the PASC.

1. Put a business leader in charge

The business will only come first if there is a business leader in charge, and their future career success is linked to achieving business outcomes. Project managers can provide support, but the "buck" must stop with the business leader.

The leader needs to have time to focus from the outset up to the completion of the business change. Rotating staff can work, but only if it is planned in advance with a reasonable overlap.

The leader needs to be responsible for the full business change, separating out the one third that is the Information Technology component and managing it separately makes no sense at all.

2. Understand what creates business value

It seems obvious that something should only be changed to achieve something, and that business value is the only sensible measure. Even a minister who "wants" something should be asked why? (or more precisely what value will it create?).

Value needs to be quantified in pound terms, otherwise how can the cost be seen to be value for money. Most importantly itemise the value of the outcome created by each separate change, and for each change assess the cost of achieving it.

3. Have measures of the business value created by each change

A good test of ones understanding of the value created by a change is being able to define a clear method for measuring its achievement. If something can’t be measured how can it be important, and how will anyone know it has been achieved?

Having robust measures of outcomes in place makes it more likely that predicted benefits are realised. Measures also enable post implementation reviews to assess what outcomes have actually been achieved.

4. Explore possibilities

Use workshops to bring customers, front line staff, managers and business leaders together. To stimulate thinking bring in specialists to talk about what is possible. Using tools outside the attendees shared experience (often new IT opportunities). Focus discussions on identifying changes that achieve measurable business value.

During each workshop there will be questions, don’t let attendees guess but capture them and get answers ready for the next workshop. Even with the right people present there will be processes that are not clear and a lack of clarity on the costs of doing things.

5. Decide what to do

When the workshops have generated a list of potential changes with a statement of what value they will achieve and how it can be measured it is time to decide what to do.

Change creates risk, so plan a roadmap of changes to keep the risk manageable. The roadmap should clearly show the outcomes from each change and build towards a vision of a future state. This roadmap is the key to managing the changes successfully.

6. Manage to achieve outcomes

Business change programmes will inevitably alter as they move towards implementation. When this happens it is essential that the impact on outcomes is understood. Without a management focus on business outcome minors alteration may dramatically reduce the value that should have been delivered.

It is also important that those managing understand what is likely to alter business value, for example, if this isn’t delivered we won’t be able to reduce staffing. This emphasises the need for a business leader to be in charge, there is nothing special about an IT project, whilst subject matter experts (carpenters or IT) are important they shouldn’t be doing the driving.

7. Sell to staff and customers

Whenever an organisation changes how it does business it needs to bring its staff and customers along with it. People don’t like change, but when there is a clear benefit for them individually they can accept large changes quickly. Mobile phones and text messaging are good examples of large changes in how people communicate that became ubiquitous quickly. But as with mobile phones the benefits need to be sold, even with a monopoly public sector organisation. It is more than selling, staff need to be trained and organisational structures may need altering. But having a focus on selling emphasises the need to persuade rather than tell.

8. Use a qualified team

Business change is nothing new and understanding the right skills and the team structure to achieve a particular change is relatively easy to establish. Where possible use people who have the skills and experience to do their jobs, where members of the team have weaknesses support them with consultants.

Don’t confuse consultants with contractors acting as staff replacements. Consultants are there to advise not do, and are an effective way to grow permanent staff without taking undue risks. Contractors are also useful, particularly when skills are needed for a short duration when it makes no sense to train people.

9. Outsource?

The more like a commodity a component is the more one should expect to outsource it, for example, it is hard to think of a reason for doing ones own web hosting. The general test is if you can’t do something better and cheaper than the market it should be outsourced.

The skill with outsourcing is to be clear about what you want and how you will measure whether you are getting it. There needs to a clear Service Level Agreement (SLA), and if you don’t have the experience to set one up call in a consultant. The SLA needs to focus on what is important to you rather than what can be measured, and beware setting targets that create behaviours one doesn’t want (e.g. a focus on call waiting times can reduce the quality of call handling).

3. Questions


1. How well is technology policy co-ordinated across Government?

Not particularly well, in most commercial organisations the procurement and deployment of Information Technology is heavily standardised which generally isn’t the case in the public sector. For example in most large commercial organisations the personal computer and the business management tools one uses are common in all divisions, even internationally. This makes it easy to work together and reduces costs.

There are exceptions, usually in large Departments that have outsourced the IT service provision, but standardisation should be far more common. This problem is particularly obvious when public sector workers are moved from one Department to another following a reorganisation and they need new IT kit and retraining to do essentially the same job.

There is no good reason for different public sector bodies to procure different IT solutions rather than standard commodity solutions, but they continue to do so.

2. How effective are its governance arrangements?

As explained earlier there are few IT projects, merely business changes that rely on IT. Governance arrangements should therefore cover all the steps outlined in Section 2 "How to put business first" above. Whilst the Office of Government Commerce continues to argue that business issues must lead there is limited evidence that it does.

Intellect and the Office of Government Commerce have developed models that promote good governance when IT is procured, which includes having a Senior Responsible Officer. Their work emphasises the important of having a business leader to take responsibility and this approach could usefully be followed for all business change projects.

3. Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?

The reviews broadly concur with the high level points made earlier, i.e. that success is dependant on putting business first, i.e.:

· the level of engagement by senior decision makers of the organisations concerned;

· their understanding of the importance of determining at the outset what benefits they were aiming to achieve and, importantly, how programmes and projects could be actively managed to ensure these benefits were optimised.

As this consultation is talking about IT rather than business change it suggests that the lessons haven’t been learnt.

4. How well is IT used in the design, delivery and improvement of public services?

Not as well as it could be, largely because the early phases described in Section 2 "How to put business first" are generally not followed. There is far too much enthusiasm for IT projects rather than business change projects, resulting in a failure to fully explore how business value can be maximised.

For example, the Identity Card project was viewed as an IT project, with the majority of public sector thinking on how it could be justified. What should have happened is that the potential for improving identity management for public sector staff and citizens should have been examined to assess what changes would improve outcomes. As managing identity is a significant proportion of what the public sector does, and it is heavily duplicated it, seems likely that cost could be significantly reduced and confidence in identity improved.

5. What role should IT play in a ‘post-bureaucratic age’?

An interesting question, assuming that post-bureaucratic means an age where "decisions are based on dialogue and consensus rather than authority and command". IT is clearly a fundamental enabler as dialogue and discussion will otherwise be limited to those that can physically meet together.

The follow on question is "how can IT be exploited so as to pull citizens into dialogue and discussion"? Experience so far with open consultations has not been spectacularly successful, but there are successful models, usually where there is a clear benefit to helpful contributors.

6. What skills does Government have and what are those it must develop in order to acquire IT capability?

As explained in my comment on outsourcing "if you can’t do something better and cheaper than the market it should be outsourced". If the skills are not present in a particular public sector organisation it is a waste of public money to develop them. The key skills needed by Government are in deciding what to do and how to manage it i.e. to be clear about what they want, how they will measure whether they are getting it and measuring and evaluating it.

The Government needs are for business and project management skills, it can contract for IT specialists. Although if there is a long term need for IT specialists then it may be cost effective to train in-house staff.

7. How well do current procurement policies and practices work?

Badly, there are too many separate procurement exercises for what is essentially the same commodity. This wastes public money in two ways, the cost of each procurement exercise, and the higher prices paid through losing scale economies. Also many of the staff running procurements do not have the experience and confidence to operate the processes efficiently resulting in the waste of public money.

The large number of catalogues for the supply of IT services across the public sector illustrates an unnecessary desire to be different. And the public sector pays heavily for the different catalogues, both in the cost of setting them up and higher charges to recoup supplier’s costs. It would be possible to only permit a public sector organisation to procure something when they can convince a national review organisation that they need to and there isn’t a suitable procurement mechanism in place. Where a new procurement is necessary they should also make sure the contract is usable by other public sector organisations.

8. What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT?

Control is the key; ownership is irrelevant as long as Government can trust the owners. All personal data and access to it needs to be controlled. There is also a good case for one Government organisation to control assets which are shared by a number of public sector bodies.

9. How will public sector IT adapt to the new ‘age of austerity’?

An interesting question and one that suggests IT is still seen in isolation, which will cause public sector performance to decline in comparison with the private sector. As argued earlier IT is a tool, and is also a small proportion of Government’s administrative expenditure. If the public sector truly wishes to save money it will spend more on business change projects that use IT. The austerity should affect total administrative and programme spending not solely IT expenditure.

10. How well does Government take advantage of new technological developments and external expertise?

Variably, but overall Government is much worse than large scale commercial organisations. One reason for this is that the public sector behaves like a lot of small, rather amateur, independent organisations. Localisation is fine, for example Tesco does it really well, but they have all their common services managed nationally. Can you imagine every store procuring their point of sale equipment separately?

Public sector organisations with inevitably restricted numbers of experienced staff are never going to be able to keep up to date and maintain relationships with the key people in the IT industry. The more the provision IT is managed locally the worse the situation will get.

11. How appropriate is the Government’s existing approach to information security, information assurance and privacy?

It is not well defined and inconsistent, and there is a clear need for there to be a right of privacy. For example, it can be argued that many of the well publicised failures resulted from a lack of care for the rights of citizens to have their information protected.

12. How well does the UK compare to other countries with regard to government procurement and application of IT systems?

Procurements typically take more time in the UK. There is a tendency to go a long way beyond the intent and letter of the law, often because of inexperience due to the fragmentation of public sector procurement.

The application of IT systems would be massively improved if senior public servants were routinely expected to understand what IT could contribute. IT shouldn’t be a bottom up push from IT specialists but a business pull from knowledgeable and confident business leaders. Failure to exploit a ubiquitous tool, which is what IT has become, should be a signal that a business leader needs to be retrained or re-deployed.

4. In conclusion


Having answered the twelve questions a few themes are apparent:

· We should be talking about business change enabled by IT, with measurable business value the focus. This means having a business leader in control, leaving specialists (like IT) in support.

· Information Technology that is essentially a commodity should be centrally procured and managed. Not necessarily for the whole public sector but certainly for some eg all police forces. Act local but manage nationally, as illustrated by Tesco.

· There needs to be simple all pervasive policies on security and privacy that apply evenly and transparently across the public sector.

The public sector is capable of making massive efficiencies, but by exploiting IT and changing the way it does business and not by attempting to merely spend less on IT.

January 2011