Good Governance - Effective use of IT

Written evidence submitted by Roger Marshall (IT 25)

1. I have spent my whole professional career in local government ICT and was Information Systems Director for the City of London Corporation until retiring in April 2010. Since 2009 I have chaired a group within EURIM (The Information Society Alliance - see http://www.eurim.org.uk) which has been examining the subject of IT procurement in government and I am currently the industry chair of Eurim’s Public Service Delivery group.

Summary of main points

2. The main points in my response are:

· Central government and its major agencies have a poor track record in: (a), obtaining good value when purchasing IT services and (b), successfully implementing new IT-based systems. There is, however, much good practice in other parts of the public sector from which central government can learn.

· There should be a strengthening of the professional status of IT within government. This means that senior civil servants and ministers should ensure that independent advice is available, listened to and acted upon.

· Senior Responsible Owners have a key role and once appointed should stay with projects and programmes until they are completed.

· Where Ministers wish to go against the advice given, their decision should be in the public domain in the interests of transparency.

· Greater use should be made of off-the-shelf packages and "good enough" rather than fully-tailored solutions, re-designing business processes to exploit their potential for cost reduction and service improvement.

· More investment should be made in the development and promotion of small scale front line support applications and customer self-service systems.

How well is technology policy co-ordinated across Government?

3. The formation of the CIO Council and appointment of a Government CIO have been steps in the right direction. However, the results so far have been disappointing. The CIO Council and Government CIO have had little impact on IT practitioners in the public sector and insufficient effort has been put into promulgation of their work.

4. Technology policy should be centred on standards (in particular procedural and data interchange standards) not on products and services. It is ironic that the UK government has been instrumental in developing or nurturing world-renowned IT management techniques such as Prince2, MSP (Managing Successful Programmes) and ITIL (IT Infrastructure Library) yet appears unable to apply them as successfully as other organisations (including other parts of the UK public sector).

How effective are its governance arrangements?

5. This has traditionally been a weakness in large central government departments and agencies. It cannot be emphasised too strongly that CIOs or their equivalent must be given the resources and authority within public sector organisations in order to impose good practice and eliminate poor practice. In comparable private sector organisations (i.e. those whose main business is the processing of information) there will invariably be a main board director who both understands and can represent the interests of IT professionalism. This should be the case in the public sector too.

6. Major projects and programmes have a Senior Responsible Owner (SRO) appointed. It is essential that SROs stay with projects from start to finish so that each programme has a clearly identified advocate and leader. With this responsibility should come the power to call a halt or fundamentally change the objectives if the risk of failure becomes too high. SROs should have the power to freeze the specifications for new systems where this is needed to meet the programme’s objectives. Where a minister wishes to override such advice their decision, and the reasons for it, should be clearly stated and in the public domain.

Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?

7. Clearly not, as both project and operational failures costing billions of pounds are still being reported. I have recently chaired a Eurim group which summarised the procurement advice available from the NAO, Audit Commission and others (see http://www.eurim.org.uk/activities/pubproc/0909ProcurementSummary.pdf). As was the case back in 1994, when I chaired a similar special interest group for the Institute for Data Processing Management, which was set up following a damning report from the Public Accounts Committee at that time, there is no shortage of advice (such as that given in the above paragraphs). If the advice, then or now, had been followed there would have been few total project failures and much greater realisation of the potential benefits from government IT programmes.

8. Looking ahead, there have been recent announcements concerning implementation of the government’s Universal Credits policy, including the IT arrangements. Although the details of these arrangements have yet to be published, there are already serious causes for concern as this programme displays some of the characteristics of previous IT disasters.

How well is IT used in the design, delivery and improvement of public services?

9. Too often computer systems are designed and built from scratch to meet a highly complex set of requirements driven by policy development. Much more should be done to improve business processes in government with a view to making the best use of available IT systems. The adoption of off-the-shelf packages can often provide a perfectly adequate 80:20 solution (80% of the benefits for 20% of the cost of a fully-tailored system). The 100% solution will often fail because (a), it was too ambitious and inadequately planned, costed or executed, and (b), by the time it was deliverable government policy had changed.

What role should IT play in a 'post-bureaucratic age'?

10. Low cost, small scale IT solutions which provide real benefits for front line staff should be encouraged and adequately funded, accepting that many such developments will fail to live up to expectations. The lessons learned should lead to a rapid improvement and wider roll-out and processes should be set up to ensure that this happens. In other words, start small and scale fast. A similar approach should be taken to systems enabling citizen self-service – there are already many good examples but they need to be more widely available and heavily promoted.

What skills does Government have and what are those it must develop in order to acquire IT capability?

11. Government does not need to be an IT application developer nor does it need to run data centres, however it should stimulate and regulate the market for these services. What it does need are the skills of an intelligent purchaser. It also needs programme management skills. These do not need to be "in house" as they can be bought in; what is essential is that the programme manager is independent of the suppliers and is incentivised to obtain the best outcomes for the customer. Above all, the advice of programme managers must be listened to and acted upon by SROs, chief executives, top civil servants and ministers.

How well do current procurement policies and practices work?

12. Performance varies across the public sector, but there are good examples of highly cost-effective procurement practices, for example the best outsourcing arrangements in local government and co-operative joint purchasing of telecom services and of PCs through reverse auctions. Generally speaking the UK public sector does not get good value for money when purchasing IT services and we should put more effort into determining the reasons (for example, structure of the market, legal constraints, use of proprietary products) and putting them right.

What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT?

13. Most of the infrastructure does not need to be owned, but government should take measures to ensure that infrastructure suppliers do not profit unreasonably from their government business. Clearly, also, it should ensure that security and resilience of the infrastructure are properly addressed and audited. Data is different – personal data collected or held by government should be considered to be owned by the data subject and treated accordingly. Other data may be "free" or controlled by government for a variety of reasons (for example, intellectual property value, security, commercial value) and ownership/control needs to be determined on a case by case basis. Such considerations are unlikely to adversely impact the effective use of IT in most cases.

How will public sector IT adapt to the new 'age of austerity'?

14. There are savings to be made within existing IT budgets, as historically the government has not been an effective purchaser of these services. Rationalisation of infrastructure into large shared-service data centres and networks can also provide savings. The biggest opportunity, however, lies in application rationalisation and the ruthless adoption of common systems across government. This should be led from the top of the civil service and by ministers - applying the 80:20 rule as described above and banning the silo mentality.

How well does Government take advantage of new technological developments and external expertise?

15. Adoption of new technology should be promoted through multiple small scale pilots and rapid scaling of the successful ones – this should be a well-financed and highly-publicised programme. External expertise is no substitute for good management – managers should know why they are buying in expertise and buy it intelligently, stopping when it is no longer needed.

How appropriate is the Government's existing approach to information security, information assurance and privacy?

16. There is a high level of expertise in government but its application is patchy. There is a need for a more joined-up approach across government on subjects such as identity management and also a need for better staff training.

How well does the UK compare to other countries with regard to government procurement and application of IT systems?

17. The UK has a poor track record by any standards. Much of this can be blamed on a predilection for big-bang solutions driven by ministerial hubris. Big developments are intrinsically far more risky than smaller scale ones which can then be rolled out and gradually improved in an incremental fashion. Where scale is smaller, managerial responsibility consistent and lines of control shorter, such as in UK local government, IT failure is relatively rare. Eurim believes that evidence from other countries supports this view.

January 2011