Good Governance - Effective use of IT

Written evidence submitted by Intellect (IT 39)

1. About Intellect

1.1 Intellect is the UK trade association for the IT, telecommunications and electronics industries, representing 770 member companies from SMEs to large multinationals, which account for approximately 10% of UK GDP. We are a not-for-profit and technology-neutral organisation.

1.2 The majority of our members supply the UK public sector. This submission draws on their collective expertise and presents the perspective of the UK technology industry.

2. Summary and recommendations

2.1 Technology for the consumer is moving ahead at light speed. Yet UK citizens and frontline public sector staff often are forced to deal with outdated public services.

2.2 Great leaps have been made in productivity in the private sector by using technology to drive new ways of working. But the UK government has made only patchy progress towards adopting modern business practices for running its operations.

2.3 Government operates in silos, procurement is not fit-for-purpose, a risk-averse culture prevails, technology policy co-ordination and governance are ineffective, and the best people with the best skills are not made best use of. Adoption of new technology is slow, and innovative suppliers keen to enter the market encounter a host of barriers. Public services are designed around the structure of government as opposed to citizens’ needs.

2.4 However, there are also scores of examples of excellence. The Oyster card service and congestion charging in London, online driver’s license renewals and tax returns, smart phones for emergency service workers, the digital x-ray service and a host of back-office efficiency initiatives are improving services and cutting costs. The Tell Us Once initiative, which has started small and is now scaling up, is a great example of common sense.

2.5 The ‘age of austerity’ may serve as a catalyst for radical change, or it may lead to even greater risk aversion and a retrenchment that stifles innovation. Intellect and the technology industry have worked long and hard with the UK government to achieve change, but with mixed results. However, we are encouraged by the new government’s appetite to drive reform, and are confident that longstanding problems can be solved by bringing a joined-up government together with a joined-up technology industry.

2.6 Throughout this submission we make recommendations for how things could be done differently. The following are priorities.

2.6.1 Use private sector processes as the standard by which to measure government processes. Government is indeed different, but there’s no reason we shouldn’t aim for the same standard as the private sector.

2.6.2 First, decide your business needs. Then, decide on the technology. Department heads tend to own budgets, not CIOs. Their needs drive ICT requirements and these should be co-ordinated across government.

2.6.3 Ensure accountability and leadership. There should be Ministerial sponsorship for all large programmes, ideally maintained through transitions of responsibility. Senior Responsible Owners (SROs) of appropriate seniority and experience should lead programmes of all sizes from conception through procurement and delivery.

2.6.4 Incentivise civil servants to deliver policy and financial outcomes. Civil service bonuses should be explicitly linked to delivering policy or cost reductions. Overseeing a significant technology-enabled business change programme should be a requirement for reaching the top.

2.6.5 Follow through on reforms to procurement. The Efficiency and Reform Group has taken a number of steps to take procurement reform to the next level. We are keen to see this work accelerated and initiatives implemented.

2.6.6 Suppliers have some great ideas. Listen to them. Engaging with suppliers, large and small, is key to understanding the art of the possible. Ideas that could save greater than £1m or 5% should be reviewed with permanent secretaries or Ministers. As part of the transparency agenda, these ideas and the subsequent decisions made could be published online.

3. Responses to specific questions

3.1 How well is technology policy co-ordinated across Government?

3.1.1 Despite many hours of debate in CIO/CTO Councils, OGC/ERG and the Cabinet Office, there is little evidence that, even if a cross-government policy for technology exists, it has had any major positive impact. Some commonality is emerging in specific areas, such as information assurance, but government departments and agencies often resist centrally driven policy.

3.1.2 If the government wishes to be regarded as a single customer by suppliers, it must behave as one. All across the public sector, departmental heads own budgets, not CIOs. Their needs drive ICT requirements and they are often not co-ordinated. Policy should therefore be co-ordinated at the business process level; co-ordination of ICT standards will follow. Does a change make the citizen’s or user’s job easier and does it reduce administration and increase service? If not, why are we doing this? These should be the questions asked. Instead suppliers are always asked about technology and price.

3.1.3 Strategic supplier engagement has been effective in the past (eg through the Strategic Supply Board) in bringing government together with the industry to find solutions to shared problems. This type of collective action is vital to the success of government.

3.2 How effective are its governance arrangements?

3.2.1 Budget holders prioritise according to their business needs and implement governance accordingly. Technology governance will be, and has been, a secondary requirement.

3.2.2 Governance is generally effective on a departmental/agency/authority basis, but not across government. Revenues and benefits systems, for example, could be very usefully standardised across local government to link with DWP’s systems. Instead, local government is still using a variety of systems at a great cost premium.

3.2.3 Monitoring and tracking of implementation leaves much to be desired – there is no standardised mechanism for proof of value or re-use, little use of benchmarking and poor attention to return on investment or total cost of ownership.

3.2.4 The Gateway and Major Projects Review processes were designed to intervene in major projects that didn’t have upfront business cases or demonstrated signs of going off the rails. Many of these reviews have become box-ticking exercises. As a consequence, projects that aren’t fit-for-purpose are not stopped or re-scoped.

3.2.5 The new government is starting to make a positive impact, with the creation of the Efficiency and Reform Group, the role of government COO, and the drive to mandate policies and consolidate solutions from the centre. It is too early to tell how the ERG will impact major project delivery but the Major Projects Review Group’s new processes are designed to intervene more directly. These may serve as effective mechanisms for central government, but the wider public sector is another matter.

3.3 Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?

3.3.1 While some lessons have been learnt and applied, the same mistakes are repeated over and over again. In fact, the recommendations from ‘Getting IT Right’ [1] , published 11 years ago by Intellect’s predecessor, the CSSA, remain valid. We still need a single, stable source of strong leadership, a modular approach to delivery, and early engagement with a broad spectrum of the industry to highlight opportunities and challenges.

3.3.2 More work needs to be done to improve business planning, defining outcome-based requirements and managing projects. Government is not good at drawing a line under requirements, and continuous redrafting adds delay, cost and complexity. It is far better to get a base-line service in that works and build on it at a later stage. There also tends to be too much focus on quick wins, avoiding the real challenges.

3.3.3 In general projects should not be implemented with a customer vs. supplier mentality, but instead delivered in partnership. A silo approach is inefficient; a programme approach based on strategic needs would be preferable. Additionally, traditional project implementation methodologies (eg ‘waterfall’) are less appropriate to ‘the new world’, where rapid prototyping can achieve faster time to market at lower risk and cost.

3.4 How well is IT used in the design, delivery and improvement of public services?

3.4.1 Technology tends to be considered separately from business change. The traditional ‘design everything up front’ approach to requirements specification and contract terms prevents the industry really engaging to support improved outcomes. This leads to technology being shoehorned into set practices rather than informing or shaping new ways of doing things.

3.4.2 Most government services are underpinned by ICT. DirectGov, the Pensions Advisory Service and Self Assessment online, for example, have used ICT to help provide real value. Much more is possible, however. In the future it should be possible to have one secure entry point to access the relevant information concerning individual citizens, including tax and benefit information. Online interaction between the individual and government concerning any errors, actions or updates should be possible.

3.4.3 Delivering services online will not necessarily be the best or only option, but technology generally helps to substantially improve services and cut costs. Therefore, when determining solutions to their business needs, government budget holders should operate on a ‘digital by default’ basis and provide clear justification for running services in other, more costly ways. The corollary to this is to turn off the other ‘channels’ once digital services are running effectively to avoid costly duplication of processes.

3.4.4 Improvements to government business processes have lagged behind those in the private sector. Government is indeed different. Nevertheless, the private sector should be used as a benchmark. Government non-executive directors should be an excellent source of information on best practice.

3.5 What role should IT play in a ‘post-bureaucratic age’?

3.5.1 Technology-enabled change can transform citizens’ interaction with government. Transparency of information will enable public accountability and better engagement with the democratic process. Open public data will allow developers to design services that meet the needs of citizens – the apps created around the London cycle hire scheme are a good example. The government skunkworks and technology demonstrators will be used to quickly look at how things might be done differently or better.

3.5.2 ICT is a tool to satisfy the business requirements of the day. In the past, ICT has been perceived as a ‘business cost’. In the post-bureaucratic age it should be a key enabler within the new government’s strategy, assisting to fix problems, but this must work hand in hand with policy and process change. A better way of looking at this question might be, ‘What changes in government business requirements will emerge in a post-bureaucratic age?’

3.6 What skills does Government have and what are those it must develop in order to acquire IT capability?

3.6.1 In general the government IT profession has made some good progress to develop key skills. At present there are high levels of various skills all over government. ‘Intelligent customer’ skills can be quite good in individual departments, but not across the board. Project and change management skills are lacking. More people are needed who thoroughly understand the government’s business priorities, suppliers and contracts.

3.6.2 The challenge for government is using the most skilled people for the right jobs in the right places. Centres of competence and real technical experts are not generally recognised across government, and there is little attempt to reuse existing skills and experience. This more of a management issue, as opposed to an underlying ICT issue.

3.7 How well do current procurement policies and practices work?

3.7.1 The procurement process is lengthy and cumbersome (especially counterproductive when procuring technology due to its rapid evolution). Procurement varies widely and depends on the maturity of the government customer. Some government bodies procure very professionally and efficiently. However, government procurers often focus on following all the rules, as opposed to common sense.

3.7.2 Government customers operate in an environment that allows little ability to take risks, where there is an increasing prevalence of legal challenge, and where they are encouraged only to meet the aims of their respective departments. Proper due diligence, feasibility studies and planning are often poorly conducted at the expense of the procurement process further down the line. Requirements are based on technology specifics instead of business and performance outcomes, and these are sometimes set without engaging potential suppliers at all before going to market. There are stacks of overlapping framework agreements across government that are never used.

3.7.3 Intellect has done a huge amount of work with the government over the years to develop potential improvements, but implementation has been slow. Our top-line recommendations are the following. Senior leadership is vital. Procurements should be led by the SRO, not procurement professionals. This should be mirrored by a senior lead on the supplier side – a Senior Responsible Industry Executive. An elite team of government advisers that provides support across government combined with boiler plate contract terms and other paperwork will help minimise the need for external third party advisers. SME participation can be improved by using iterative and incremental procurements to prove and pilot potential solutions before wider roll-out.

3.8 What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT?

3.8.1 This is dependent on the processes to be supported, so mature government-industry dialogue on who should own what is required. Except for very high security work, the government has no inherent need to own or control infrastructure and data assets. Government will likely wish to own or control its business critical processes; however, support systems can be run by other organisations at much lower cost.

3.8.2 Despite large-scale virtualisation in the private sector to sharply reduce operating costs, there has been little progress towards consolidating the approximately 200 data centres across government. Is there a need for government to own its data centre estate? Why not simply outsource data centre capacity progressively, starting with the least-efficient facilities? In addition, secure ‘public clouds’ (applicable to up to 85% of government requirements) could serve as a catalyst for greater use of standard infrastructure and back office services at very competitive prices.

3.9 How will public sector IT adapt to the new ‘age of austerity’?

3.9.1 Austerity is already forcing some behavioural change and increasing the pace of collaboration. However, budget cuts could lead to even greater aversion to risk in the public sector and a hunkering-down mentality that stifles innovation. In fact, technology companies are reporting an overly-conservative approach appearing in many areas of government.

3.9.2 To ensure budget cuts lead to productive change, radical decisions need to be taken at the business level and civil servants need to be incentivised to take calculated risks. For example, civil service bonuses should be explicitly linked to the delivery of policy or financial outcomes, and overseeing a major technology change programme should be a necessary step for reaching the top.

3.9.3 Sweating assets will likely be a popular short-term strategy, but this is not a long-term solution. Greater agility and the ability to modernise easily and cheaply will need to be the focus. A strong centre can help by providing a core, intelligent customer function. Many technology-enabled reform initiatives with the potential to improve services and cut costs have been on the table for at least two years; these should be put into action as soon as possible. More generally, it would be beneficial for government and industry to work together to explore new financial models, taking into account companies’ focus on in-year revenue and the government’s focus on savings in-year or over the life of parliament.

3.10 How well does Government take advantage of new technological developments and external expertise?

3.10.1 Progress has lagged far behind the private sector. Cloud computing, for example, holds enormous potential to cut costs and change government’s service delivery model, but adoption has been slow. Government’s access to new technology is significantly limited by its procurement processes and the high cost for new suppliers to enter the market. In a more service-oriented world this wouldn’t matter as suppliers would develop or incorporate new technology in order to drive prices down or profits up.

3.11 How appropriate is the Government’s existing approach to information security, information assurance and privacy?

3.11.1 Security needs to be infused into government’s DNA.  However, the levels of security provided need to be commensurate with the respective services.  Costs to develop high security systems outweigh the need to secure certain types of information.  Currently, some security criteria are applied to all levels of documentation or service irrespective of the sensitivity and nature of the material, significantly increasing complexity and cost.  The government’s existing approach risks blocking its ability to take advantage of major developments that could help drive out cost and increase flexibility.

3.11.2 Recently, there have been some positive developments to how government addresses data handling and information security. Since the data losses in 2007-08, government and industry have focused on resolving problems in the government’s supply chain through the Information Security & Assurance Board. The board has proved a successful partnership between government and industry and could be used as a model for broader information assurance and cyber security challenges.

3.11.3 Common commercial standards of data security and privacy should apply to many areas. A better question here might be, ‘Who should decide the exceptions to adopting private sector data and privacy standards and what process should be used to make those decisions?’

3.12 How well does the UK compare to other countries with regard to government procurement and application of IT systems?

3.12.1 The US has similar challenges, recently finding "another 1000 data centres" and declaring they were losing the cyber war.

3.12.2 Most European countries have far fewer government departments than the UK. Many have one Department of Finance, for instance, which would handle all responsibilities currently held by HMRC, DWP and HM Treasury in the UK. Europe also has a much larger regional government structure that is less centralised, which keeps projects smaller. This has made it much easier to procure and implement ICT systems.

3.12.3 In some areas the UK has led the way. For example, the Netherlands is adopting our Concept Viability [2] approach and Australia is adopting the procurement pre-qualification tool and IT supplier code of best practice.

January 2011


[2] n ceptviability