Founding Member of FormIGA – the global Industry for Good Alliance

Can Martin Read even begin to save Whitehall's IT strategy?

26 Jun 2008 12:00 AM | Anonymous
This week finds the Government's IT programmes and data security policies seemingly on the point of meltdown. A week is a long time in politics, as we all know, but is one year enough time to clear up decades of mess and mismanagement?

I ask as former CEO of Logica, Martin Read, is hired by the Government to cut public spending in the IT sector, at a time when some public sector IT projects either seem out of control, mired in controversy and recriminations – or both.

In his 12-month tenure, Read will report to the Treasury, in a role that includes standardising business processes and cross-departmental compatibility, and improving procurement. Significantly, he will be able to abandon failed projects. However, it's unclear if he will be able to prevent misconceived ones, such as the national ID card scheme, from starting.

With the Government under pressure to tighten its spending on, and control of, large-scale technology projects, Read's own appointment may itself be subject to controversy and potential recriminations. First, it will accelerate and deepen Whitehall's relationship with the private sector – conceivably touching upon the Government's involvement with venture capitalists in the funding of innovative start-ups (reported in Editor's Blog earlier this year).

“The private sector has made significant strides forward in this area in recent years, and my work will examine the scope for the public sector to benefit from this experience,” Read said in a statement.

But is the private sector the answer to Whitehall's ills? Ask Fujitsu. Last week the Public Accounts Committee (PAC) sat at Westminster to hear about the conract debacle that led Fujitsu to walk away from discussions with the NHS – a story that calls into question the viability of the National Programme for IT.

Fujitsu executives told MPs that constant local modifications coupled with the withholding of funds forced the outsourcer's hand. The changing terms of the contract would have been unaffordable, claimed Peter Hutchinson, UK public services group director at Fujitsu Services, who said there had been over 600 such alterations.

Away from the NHS specifically, the second problem with Read's appointment is organisational and personal: his remit clashes with that of Government CIO John Suffolk – at a time when Whitehall needs a firm hand on the tiller, not management fudge and infighting.

Add to this the further question: is he the right man for the job? New Logica CEO Andy Green, who took charge in January this year, has said he wants to reduce costs and minimise job duplication, suggesting he inherited an inefficient organisation – and one that Green is having to give a new focus to.

Now, while Read's appointment is belated evidence that Downing Street acknowledges the problem, the priority is surely a cultural, bureaucratic, and managerial one. Escalating budgets are the natural concomitant of that.

Put simply: we have a slow-moving, Victorian, centralised bureaucracy with a 21st century veneer of modernity. That Whitehall is attempting to force-feed poorly conceived, complex, fast-moving technology projects to local areas that have differing needs and financial strictures.

Allied to this is a problem that the idealistic Tony Blair created: the belief that Modern governments need Modern solutions. In other words, see everything as a technology problem (rather than a people one or a data one), and get specifying.

You only have to take a step back to see the bigger picture: also in the news this week are stories that local authorities have been warned against the widespread practice of using technologies installed to prevent serious crime to snoop on citizens going about their daily business.

It's a sad fact that if people can misuse IT systems in the public sector, they will and at the highest level, because the cost imperative of saving money mandates it strategically.

CC TV cameras are one abused technology, but a more insidious one is the local authority use of Citizen Relationship Management technologies (public-sector CRM) to withdraw essential services from antisocial or slow-paying residents.

The private sector isn't immune either: witness our story this week that one third of IT managers use Administrator access privileges to snoop on confidential data.

However, the cultural mismatch between people and technology usage is a real problem in the public sector in particular, because it is in the employ of the people. For example, the Information Commissioner has this week established that few Whitehall departments have any real idea of their legal responsibilities under the Data Protection Act, and fewer still have any idea of how to manage IT systems securely.

His findings were made public this week as two government departments face enforcement action under the Act: HM Revenue and Customs, and the Ministry of Defence. Both departments have been in the spotlight this year for serious breaches of data security, along with the Home Office and the NHS.

The Independent Police Complaints Commission (IPCC) and Poynter review found that there was a lack of meaningful systems, no understanding of the importance of data security and a "muddle through" culture at HMRC when it lost 25 million benefits records in internal post.

HMRC was described as having "an organisational design which was unnecessarily complex and crucially, did not clearly focus on management accountability".

The MoD's loss of 600,000 personnel details was slammed in a report by Sir Edmund Burton, who also blamed poor management. The MOD'S Chief of the General Staff has ordered an inquiry to investigate whether there are grounds disciplinary action.

Information Commissioner Richard Thomas, said: "The reports that have been published today show deplorable failures at both HMRC and MoD. Information security and other aspects of data protection must be taken a great deal more seriously by those in charge of organisations.

"It is beyond doubt that both Departments have breached Data Protection requirements and we intend to use the powers currently available to us to serve formal Enforcement Notices on them."

These are the three issues that Government really needs to consider, Mr. Read: people, people, and people.

No future, massive public-sector IT programmes should even be considered unless someone has put people at the 'coal face' first, followed by management and culture.

But the first questions to ask are: what is this project really for? Who will use it? And how? If no one has an honest answer to those, then abandon that project before you've called in the consultants and reached for the chequebook.

Powered by Wild Apricot Membership Software