Good Governance - Effective use of IT

Written evidence submitted by Dr Leonard Anderson (IT 16)

Summary

1. The reasons for the enquiry are clear. A problem with the questions is the concentration on Technology at the expense of Information. A policy for Information Governance is a primary need, which would naturally include the Technology aspects. This means identifying target outcomes as the first step, building governance processes and finally specifying the technology. Technology policy is a tertiary requirement.

2. Technology has the capability to improve security, effectiveness and efficiency of all public sector services. It could provide faster transactions for citizens, departmental information sharing and better planning information. This cannot happen because Government ignores international interoperability standards (eg ISO 18876), a "not invented here" culture in technologists and avoiding structured control of programmes. There is no cross government architectural guidance, strategy or standards body. Avoidance of standards misses many opportunities for efficiency savings and improving the value of information.

3. Government leadership of technology related programmes is ineffective. No career structure is evident. Departments, Agencies and Local Government have no common frameworks or Information Governance policies. Information is not managed as a public asset – it is more the management of data silos to be obscured from others.

1. How well is technology policy co-ordinated across Government?

4. It is not obvious that technology policy is coordinated. For example much work done by various CIO and CTO Council working parties has neither been completed nor published. The "Enterprise Architecture for UK Government" http://bit.ly/i9PxeH, started in 2006. It was an attempt to develop an Enterprise Architecture reference model, which should have helped to:

· Move to a shared services approach

· Promote the development of common infrastructure

· Improve management of risk

· Identify and aggregate demand to promote efficient use of resources

· Agree shared standards to promote better inter-working between agencies

· Increase competition in the supply of IT services and products

· Improve business agility and a reduce total cost of ownership

5. The achievement in terms of deliverable products was virtually zero. There was lots of good will from both local and central government ICT managers, but no programme leadership. It was not a failure of policy; it was a failure of governance.

2. How effective are its governance arrangements?

6. There do not appear to be any broadly agreed governance arrangements. Information governance is complex – just look at the complexity of the definitions http://wp.me/p14MGf-dD . Each department, government agency and local authority has its own opinion on what it is and how to implement it. There’s no obligation to follow internal processes, let alone any Cabinet Office pronouncement.

7. There are areas of good security and privacy governance. The codes of connection between networks is one good example – although perhaps too excessive for some local government applications. Most organisations do not have an information asset register. People cannot govern what they don’t know exists nor where it is located.

8. Briefly, there is a need for cross government standards. The E-Government Interoperability Framework (E-GIF) was mandated, but there isn’t any development or auditing of its use. The work done on a Framework for Multi-Agency Environments (http://www.fame-uk.org/) has not gained any traction – it identifies risk factors and prevents costly failures. The Government culture is to ignore standards

3. Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?

9. Too many past and present failures demonstrate that People have not learnt how to manage complex programmes consistently. Internal programme management skills have not been developed sufficiently. Contracting out so much of the work is evidence of a lack of internal skills and abrogating much of the responsibility the big suppliers, who are not averse to earning extra income.

10. Managing Successful Programmes (MSP) and Prince2 were developed with public sector programmes and projects in mind. They are excellent processes, when well executed. People and suppliers find reasons for not using them.

11. Other disappointing examples are in the Prime Minister’s Structural Reform Plans (SRPs) http://wp.me/p14MGf-am . There’s no apparent MSP regime. It looks like an unco-ordinated set of To Do lists; no evidence of a risk register or linkage of the IT aspects in each department. The avoidance of standards is endemic. In the private sector it could be a career limiting offence. http://wp.me/p14 M Gf-bO http://wp.me/p14 M Gf-bO .

12. Quality assurance and risk assessment must be performed by independent bodies, not the prime contractor. Even internal staff cannot be relied upon to expose failures of people who may be planning their career path – but collecting evidence will be hard.

4. How well is IT used in the design, delivery and improvement of public services?

13. IT has added value in many public services. "How well?" implies some form of performance measurement from a baseline. Most KPIs are just benchmarks against similar types of local government organisation eg SOCITM http://bit.ly/h99EUs. These are useful figures, but do not show a comparison with other parts of the public sector or the private sector.

14. The ability to compare with universal best practice depends on a level of maturity that is not present in the public sector. See "Valuing Information as an Asset" http://lenand.files.wordpress.com/2011/01/infoasasset.pdf as an introduction to what can be achieved. There are some good public sector examples – but adoption of the techniques is not widespread.

15. Evidence of quality across the UK public sector is mixed. There are good and bad examples in every organisation. Post implementation reviews, one year after implementation, would be the best source of evidence – but almost as rare as hen’s teeth.

5. What role should IT play in a ‘post-bureaucratic age’?

16. Unfortunately, IT is correctly associated with bureaucracy by front-line staff. Computerised forms, often laboriously filled in from paper copies, are seen as the problem, not the solution. IT should have a tertiary role after designing a process and governance mechanism.

17. Data should be captured automatically in the usual line of business. For example, social workers should not be required to file so many written reports. Voice recording should be sufficient. Automatic transcription should be routinely performed. Handwriting recognition with smart pens can collect forms data. IT should not add to the workload, it should reduce it. More use should be made of electronic credentials and personal data stores.

18. There is a huge bureaucratic structure to support data collection in schools and colleges. £billions administrator effort is spent collecting data for records and statistics, diverted from the education budget. Some supplier research on the cost of administration in the education sector are as follows:

19. With six times difference between the lowest and highest, there must be room for efficiency gains by effective use of IT. Eliminating duplicate entry and automating links between incompatible systems should be a high priority for the nation.

20. An even larger set of administration exists in the school sector, for example the recording children’s attendance at school. There is a huge bureaucratic structure to support it. Schools expend huge amounts of teacher and administrator effort collecting data for statisticians – not just teaching. Schools in the UK process the information about 9 million children on a daily basis. The total volume is hardly noticed as it is performed in about 27,000 independent, self-contained locations. This is not just by the 400,000 teachers, but also by up to 90,000 administration staff and assistants. A school is typically involved in the operation of 10 different systems with records of attendance, achievements, school meals, libraries, parental addresses etc. Grossing up, there are about operational 250,000 systems. Much of the data is shared, within a school, across schools, up to local authorities and to the Department for Education (DfE). They share childrens’ names, addresses, dates of birth, nationality, parents’ names, qualifications etc.

21. And yet, although this cries out for standards, the DfE does not support http://wp.me/p14MGf-6h the only practical way forward provided by the SIF Association http://bit.ly/cmUx8K. This is a collaboration between educationalists and all the main suppliers of school administration systems. SIF is designed to provide complete interoperability between disparate systems. It is an open standard supported by certified commercial software.

6. What skills does Government have and what are those it must develop in order to acquire IT capability?

22. Government does not have clue what IT skills are available from staff in central or local government. There is no coordinated Government asset register for people or information assets. There is no interoperability between human resource systems to enable an easy audit of skills. Secondly, there is no obligation to use standard definition of skills and career paths.

23. What it must NOT do is try and establish a new bureaucratic skills register. It will fail. It must establish a standard of common information required from every public sector organisation. This will take time. Such a project was attempted in a large multi-national company, eight years after the project started. The original concept failed. After a post mortem, the replacement project succeeded.

24. You can’t control a skills development process until you set a baseline and define the outcomes needed. Government is fragmented into thousands of independent units. Very few are capable of providing a total service with the latest technology – neither should it. There is a case for a flexible, mobile IT workforce for developing modern systems.

25. Multi-national private sector organisations develop staff in a matrix organisation where development staff have a functional career path, but are assigned to operating units for projects, pay and rations. Promotion and skill development is a joint responsibility between the IT Function and the operating company. Replace the "IT Function" with a Government CIO role and "operating company" with department, agency and local authority. A policy that only considers the careers of a few ‘fast track’ is not fit for purpose given the dependence of Government on so many IT staff. Working as an understudy, or a bag carrier, to expensive external consultants does not give the level of responsibility needed.

26. People are our greatest asset, and public sector IT has completely lost its way. Serendipity, longevity and risk aversion are the hallmarks of many careers. This should be changed to public sector career planning, flexibility and leadership.

7. How well do current procurement policies and practices work?

27. The evidence is mixed. Sometimes they do. Sometimes they don’t. Most local authority projects work to budget and many are delivered on time. The headline problem is the failure of big projects. There’s an adequate OGC Gateway process. It just isn’t followed, or improperly understood. If private sector projects are aware of a great risk of failure, they will often cancel projects on behalf of the shareholders.

28. Good programme management, and all that it entails, is the missing ingredient. The best programmes integrate the work of clients and suppliers in a working partnership. They have common goals and clear leadership. There is clarity of governance and accountability. Complete outsourcing is a recipe for rip-offs. The client must have matching skills or employ an independent programme management consultant.

8. What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT?

29. Ownership of processors, data stores and communication networks is not a major issue. They are commodity products and most are not core government assets. They should be procured and operated at the lowest cost to the public purse. If a Government Cloud is trusted, secure and economical, then it should be used.

30. Control of data is a core custodial function and must not be relinquished. Data is best regarded as a triumvirate of Operational, Reference and Derived data. Public services may use any or all of these.

31. Operational data is front-line, perhaps with high transaction volumes, eg school attendance or DVLA registration. Nobody would contemplate providing this type of service without IT.

32. Reference data, commonly shared between many systems, is of variable quality, such as addresses. The reason is often that different operational systems have different versions and incompatible formats. Interoperability between systems is impossible without adoption of data standards. The public sector, as a whole, does not have a functioning standards body, or the power to enforce them.

33. Derived data is combined or abstracted from several sources. It is the basis of planning and performance measurement systems. It may reside in data warehouses or complex spreadsheets. Systems may collect data from operational, reference or other derived data sets. What make it more complex is that the quality not only depends on knowledge of standards, but also the context and timeliness of the source data.

34. Interoperability Standards have been ignored. Presentations about ISO 18876 were made as early as 2003 by Dr L Anderson and Prof Matthew West to the extant e-standards body. Further presentations were made to DWP on 11th May 2007 and the "Public Sector Information Domain" group in the Cabinet Office on 27th November 2008. No action resulted. DfE avoiding the SIF standards was also referenced in paragraph 21. Martha Lane Fox seems to understand the need for standards. http://wp.me/p14MGf-aC. That’s what Government leadership should control.

9. How will public sector IT adapt to the new ‘age of austerity’?

35. People will leave public sector employment. Innovation and development will diminish. Training will be embargoed. Morale will flag. Productivity may reduce. There may be more flexibility in central government, but local government IT runs the risk of failure of some services.

36. Austerity has already had an impact on professional development and knowledge sharing events. Some local authorities have been told to stop all external meetings. In central government, some visits to Brussels have been banned, missing opportunities to influence vital EU legislation. Austerity causes people to economise and only look inwards for solutions - when better ideas may exist outside.

37. "How should it adapt?" would be a better question. It should not be a headless chicken reaction, people should look at the principles of Information Governance http://wp.me/p14MGf-dD and portfolio analysis. The least important IT services could be ceased or support stopped.

38. Innovation and training should be protected http://wp.me/p14MGf-57. Internal administrative systems should be culled or drastically reduced.

10. How well does Government take advantage of new technological developments and external expertise?

39. Local government does not have much capacity for developments or purchasing external expertise. People identify opportunities where services might be improved by the use of technology. Very rarely does technology inspire the development of new or improved services.

40. Most technology experts respond to the commands of service and business managers. They often do not have the big picture that takes in all the process and governance constraints. Many are attracted to the technology itself, not the underlying objectives or desired outcomes.

41. Government should look at principles first. Adopting principles could become policy. Unless there is a policy to ring-fence innovation, standards development and skunk works, then it is difficult to analyse the potential value of new technology. It may be fundable in central government, but virtually impossible in local government.

11. How appropriate is the Government’s existing approach to information security, information assurance and privacy?

42. The question is limited to a small part of the much more comprehensive field of Information Governance. Eurim’s Information Governance group looked at Basic Principles (See http://bit.ly/gJXLIA), leading to a one sentence summary:
"Information Governance is the setting of objectives to achieve measurable outcomes by people using information assets in a life cycle process that considers both risk and time constraints."

43. Information Governance standards could be, and should be, developed by the Government CIO. Then there will be a baseline for quality assurance at all operational levels of public service. A framework and roadmap for developing partnerships is now essential – and the Government developed one for £6million, see http://bit.ly/brSoO3 . Why are they not mandated?

12. How well does the UK compare to other countries with regard to government procurement and application of IT systems?

44. Is the relative performance of government procurement closely linked to Transparency International’s corruption league table. http://bit.ly/eIcEJI? In 2010 the UK was in 20th position. How does the UK compare in procurement performance with competitor countries that rank higher, such as Japan, Germany, Scandinavia? The USA is ranked 22nd.

45. Countries lower down the corruption table frequently have a cosy relationship between suppliers and politicians. Selection procedures favour the big suppliers, who have to increase costs to pay for lavish levels of hospitality and inflated ‘consideration’ payments. There’s a message about avoiding such behaviour in the UK. It may mean employing people with the appropriate skills directly and not relying entirely on external consultants. Whilst working abroad, I heard a supplier say that he proposed an expensive database management system above a free one "because they can’t mark up free software". There is more benefit to public ‘servants’ if contract costs are higher.

46. Corruption lies in the cultural sub-dimension of ‘People’ in the Quarkside seven dimension information governance model (7DIG). http://bit.ly/hBGVJi . The acceptance of favours is only part of the problem; it is also the treatment of those who object to potentially corrupt behaviour. Whistleblowers invariably lose out from any attempt to expose questionable practice. Too many civil servants finish up with large income from suppliers after they leave government service.

47. Application of IT systems is the third thing to consider, AFTER confirming the service requirements and establishing the governance. Initial adoption of packages based on other countries systems, laws and culture is doomed to repeat the mistakes of recent procurements.

January 2011