Good Governance - Effective use of IT

Written evidence submitted by Ministry of Defence (IT 21)

1. How well is technology policy co-ordinated across Government?

1. There is always a tension between the potential benefits of innovation and exploitation of leading edge technology, and the ability of a large Government department to maintain economies of scale in procurement and interoperability between OGDs and the Department itself.

2. Work has been undertaken by both the cross-Government CIO Council and CTO Council to identify best of class process, practice, and solutions as exemplars to be adopted by HMG.  Progress has been made in this area, and MOD continues to participate proactively in the development of cross-Government polices and the implementation of initiatives.

2. How effective are its governance arrangements?

3. MOD has a comprehensive governance process, enabling Defence to achieve value for money from its ICT acquisition.

4. In 2010, MOD CIO conducted a review of ICT projects in support of the Cabinet Office/HM Treasury initiative to identify if ICT projects:

a. were key to delivering required Defence outputs and were consistent with Government priorities;

b. were able to deliver the agreed requirement on time and within budget;

c. could be delivered in a different or more cost effective way by merging with other projects or by significantly reducing the scope/complexity of the requirement.

5. Of 33 projects reviewed, only one was ceased (this is currently under appeal).

6. The Department’s ICT spend also demonstrates effective governance. It compares favourably to the overall UK Public Sector average and Gartner’s Peer Group comparator for Defence.

7. However, MOD recognises the need to improve and to continue to drive through efficiencies. The publication of the Defence ICT Strategy (well received by the Government’s CIO Council), along with the formation of Network Authorities, will further ensure that future MOD ICT investment decisions are coherent, offer value for money, and meet business and operational requirements.

3. Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?

8. Lessons are identified following OGC Gateway reviews and the publication of NAO reports. Within MOD, the relevant policy branches are briefed and guidance/policy is amended as required. The issues identified are also shared with MOD scrutineers and are integrated into the acquisition cycle.

4. How well is IT used in the design, delivery and improvement of public services?

9. The Defence Information Infrastructure (DII) programme is a pan-Defence programme that provides a high-availability information infrastructure to support activities at strategic and tactical layers globally. It is currently enabling the retirement of a host of ageing and diverse legacy IT systems across Defence, delivering greatly enhanced capability at better value for money. The capability is allowing, for the first time, all Departmental personnel to readily access and share the information they need in order to do their job efficiently and effectively.

10. DII is already freeing up Departmental money for use in other areas; DII is currently on track to deliver direct financial benefits in excess of £1,600 Million by 2015. A specific programme of work named DII Optimisation is underway to ensure that the DII programme continues to achieve its objectives at best value for money to the taxpayer. In the near future, DII will begin hosting Microsoft Office SharePoint Server (MOSS), a vital new capability that will allow a ‘ways of working revolution’ across Defence by introducing, across the estate, new core collaborative tools. These tools will enable better ways of working and promote further efficiencies across business Processes into the future.

5. What role should IT play in a ‘post-bureaucratic age’?

11. Defence is less directly focused than other Government Departments on the delivery of services to the UK citizen, but nonetheless seeks to exploit IT by empowering its staff (and members of the wider Defence community) through automation of previously bureaucratic processes and increased access to corporate data.  New media and techniques will allow individuals and communities to engage more directly and effectively with the information they need to perform their function.  The automated flow of assured information to relevant stakeholders from 'factory to foxhole' will increase data quality, speed decision making, drive out inefficiencies and reduce unnecessary bureaucracy.

12. Defence has invested significantly in DII and now seeks to drive operational effectiveness and efficiency in its agile investment in applications; applications that must support unpredictable operational demands and increased levels of mobile and remote working.  The exposure of data, held at appropriate levels of quality and assuredness, at the point of need, will allow users to manipulate it directly, with less dependence on third party processing.  A typical investment of circa 4% in ICT will be leveraged to drive greater efficiencies and to enhance effectiveness in the remaining 96% of Defence investments.

13. MOD is fully engaged with the cross-Government initiatives, including the Efficiency and Reform Group’s (ERG’s) G cloud initiative to map the future provision of services.

6. What skills does Government have and what are those it must develop in order to acquire IT capability?

14. There are over 8000 IT staff in MOD who are managed as distinct groups as members of the three Armed Services and MOD Civil Service. The skill sets captured for civilians are: Information Technology; Information Assurance; and Enterprise Architecture. Each of the three Armed Services defines its IT functions slightly differently, tailored to their specific operational environments (Maritime, Land and Air). The MOD has an Information Skills Champion who promotes Information Skills across Defence.

15. Across Defence, IT skills/roles are increasingly required in the following areas:

a. Architects: to enable an Enterprise Architecture approach to create federated systems, ITIL/Service Management and a move towards more shared corporate services.

b. Analysis and design, including rapid design and development to align applications, databases and services, testing and technical trials environments and expertise.

c. Information assurance expertise, particularly in the field of denial-of-service attacks and Cyber.

d. Information exploitation of latest Defence Information technologies.

e. Intelligent customer management.

f. Project & Portfolio Management including Through Life Capability Management.

g. INET application skills for deployment into theatre.

h. Skills for developing improved situational awareness tools, geospatial technology, matched with the ability to deal with increasingly large data transfer, for example imagery.

i. Comprehensive and realistic training environments (pre-deployment) which are key to the efficient exploitation of operational IS.

7. How well do current procurement policies and practices work?

16. MOD Procurement Policy is directed by the Director General Defence Commercial (DGDC) and is generated from legislation including EU directives, audit and lessons learnt. This policy information is cascaded down by Senior Commercial Officers at their Team briefs for implementation and is available on the Defence Acquisition Operating Framework (AOF) and the Commercial Toolkit on the MOD Intranet.

17. The MOD Procurement policy and practices cover all elements of the procurement lifecycle (Concept, Assessment, Demonstration, Manufacture, In-Service and Disposal/Termination). The in-service element covers aspects such as contract management and performance management using measurement tools such as Key Performance Indicators (KPIs) and Benchmarking.

18. All MOD ICT Contracts have been aligned to adhere to ERG Standard Terms and Conditions and amended where required to meet the specialist requirements of our customers. The MOD Procurement Policies and Practices are effective due to strong Commercial Governance and Assurance roles which provide advice, support, guidance, review and audit to all MOD Commercial HQ and Delivery Teams. MOD has clear and defined roles and responsibilities, principles and practices that are well established and adhered to by all staff, with the appropriate training courses to up-skill newcomers to the function.

8. What infrastructure, data or other assets does Government need to own, or to control directly, in order to make effective use of IT?

19. In principle, we should look to outsource IT infrastructure unless there are security or operational reasons which would dictate otherwise.  Over 60% of Defence’s IT infrastructure is already out-sourced; however, MOD will need to retain ownership of deployable infrastructure, which is primarily associated with military operations and ensure that it can support this infrastructure in areas which would be unsuitable for employing contractors (for example patrol bases in Afghanistan). There may also be a need to retain IT infrastructure because of security concerns, existing commercial arrangements or because the total cost of ownership associated with out-sourcing would be considerably more expensive than retaining ownership.

9. How will public sector IT adapt to the new ‘age of austerity’?

20. MOD has always sought value for money but the current challenging fiscal climate makes efficiency a key requirement. MOD will deliver this by:

a. Commonality and economies of scale. Defence will work more closely with wider-Government and ICT suppliers to drive down costs through economy of scale; removing unnecessary overlaps between business areas and Departments; and avoiding costly duplication of capability. In future years, Defence will increasingly use common ICT purchased from Government or Defence catalogues (and possibly supplied to OGDs by Defence). Only where there are unique Defence requirements (such as in relation to operational, security or intelligence issues) will dedicated (or differentiated) ICT be authorised. In addition, Defence will also seek to share technological innovations with and from other countries, for example the G Cloud.

b. Enterprise approach to asset management. This approach requires that all ICT investments adhere to a common set of Guiding Principles to enable better use of existing ICT Services.

c. Better resource management. To ensure optimal benefit from ICT investment, Defence CIO plans to: better measure Defence ICT spend; establish a reliable process for measuring VfM/return for ICT investment; and set targets for reducing year-on-year ICT run and maintain costs.

d. Efficiency through effective ICT: ICT is a key enabler of Departmental outputs, with current spend accounting for about 4% of the Department’s operating costs (which total~£37bn). By leveraging more effective ICT services this 4% can support business areas to become more efficient, driving down the remaining 96% of operating costs.

10. How well does Government take advantage of new technological developments and external expertise?

21. MOD has a mature and well funded research programme and innovation strategy which aims to provide leading edge military equipment to deployed operational environments. MOD is also developing innovation processes to drive the re-use of existing IT to optimise MOD support and back office functions.

 

22. MOD has good links with key providers such as Cisco, IBM, Microsoft and Oracle to understand how changes can benefit MOD and to help influence their product roadmap. MOD is increasingly attempting to incentivise suppliers to exploit the benefits of new IT developments by inserting new technology into their systems in a timely manner, noting the challenges, however, created by system complexity and application inter-dependencies. Security considerations, specifically certification, must also be considered, and MOD must strike the right balance between the benefits of the introduction of new technology and ensuring the maintenance of security.

11. How appropriate is the Government’s existing approach to information security, information assurance and privacy?

23. MOD has a mature risk management culture, policy and set of assurance activities with respect to ICT products and services. MOD has implemented a comprehensive Information Assurance Programme in response to both the Government’s Data Handling Review and Sir Edmund Burton's review into information security which also addressed the requirements placed upon the Department by the Information Commissioner’s Office under his enforcement notice. MOD monitors and measures its information assurance maturity through the Government’s Information Assurance Maturity Model. MOD has shown considerable improvement in its IA maturity following the IA programme, and is undertaking a cultural change programme to strive for continued improvement.

12. How well does the UK compare to other countries with regard to government procurement and application of IT systems?

24. To date, MOD has not formally reviewed the ICT procurement processes of other countries’ Governments. However, some comparisons have been made in relation to specific capabilities and/or programmes for example with the New Zealand and US policies and processes. In addition, MOD is currently engaged in an ERG project along with Department for Work and Pensions (DWP) to reduce the average timeline for restricted procedure ICT procurement to be placed and to bring the UK Government in line with the timelines of other Governments across the EU.

January 2011