It is looking at the Government’s overall strategy for IT including how it identifies business needs, the effectiveness of governance arrangements, and procurement policy and practice.
Informally I was one of those asked to provide written evidence. This was my submission.
I have written on the failures of public and private sector IT projects for more than 20 years. I co-authored a book "Crash" on the lessons leant from the world’s largest IT failures. Since it was published in 2000 little has changed.
A few points:
1) The media is often blamed for the perception that central government is poor at managing large IT-related projects, and that successes go unpublicised. From the £17bn or so spent each year on government IT one would expect many successes without any necessity to report on them in the media. You would not expect journalists to stand on the observation deck at Heathrow and report on planes that land safely. That said, there are lessons to be learnt from IT successes, but Whitehall does not have a culture of reporting on what it has done well or badly. When for example I asked HMRC for its reports on lessons learned from its projects, it told me it does not publish them, nor would it at my request.
2) Flying is such a safe way to travel in part because of the diligent reporting of failures and the lessons learned from fatal crashes. Government IT failures tend not to harm people, although there are arguments in the safety-critical community about they can, in failed deployments within the NHS and MoD. The perceived absence of harm to people means there is no imperative to learn lessons, and no structure for doing so. The NAO has published eight common causes of IT failure and departments are expected to confirm that their projects take these into account, but it’s not unknown for officials to sign off without complying. This underlines the point that Downing Street, the Cabinet Office and the NAO can ask, but not compel, departments. Gateway reviews are supposed to be mandatory but departments sometimes avoid them; and they are supposed to publish Gateway reports by the end of December 2010, under Cabinet Office plans. Most have not.
3) Civil servants sometimes end up in the companies their departments have awarded contracts to. Cynics refer to this as the deferred pension plan. The implication is that civil servants can be tough on suppliers, but not too tough.
4) Truth is hard to get at after a large project has run into serious difficulties. This is also a problem in the private sector. A ten-year legal dispute between HP and BSkyB did not reach any agreed conclusion on the cause or causes of an IT project failure. There was even a dispute over whether the project was a failure. It was a similar story in a dispute between British Gas and Accenture. Long and separate official inquiries into the loss of the Challenger Space Shuttle did not reach agreement on the underlying causes. There is an argument today on whether the NHS IT scheme, the NPfIT, has been a success or a disaster.
Departments - and suppliers - sometimes portray disasters as an invention of the media. If there isn’t an official acceptance a project has failed it’s unlikely any lessons will be learned from it. Facts are sometimes hidden even from the NAO.
5) Projects are sometimes started on the basis of a culturally-accepted deception. It was known within the Department of Health that the National Programme for IT in the NHS would cost £5bn and take three years. It was announced as a £2.3bn programme, then a £6.2bn programme which would be completed in 10 years. It later became a £12.7bn programme which had no end date. The Department of Health has always argued that the programme is within budget. The Defence Information Infrastructure project was announced to Parliament as a £2.3bn project when it was estimated internally to cost, potentially, £7bn. A civil servant told me that project costs have to be underestimated to obtain Treasury approval.
6) Departments are sometimes locked in unnecessarily to large suppliers and accept "service credits" as compensation for poor service and project delivery. The departments want successful projects and good service rather than compensation. I hope that Coalition plans here will make a difference.
7) Government does not sue its largest IT suppliers, perhaps because it considers it unfair to put civil servants in the witness box, especially if they have moved jobs. This unwillingness to sue makes the relationship unequal almost from the start. It is one reason government may be congenitally ill-suited to managing large IT projects and programmes.
I hope that these points cover most of the questions the committee has asked. I am not qualified or able to write on the strength or otherwise of the government’s IT security arrangements.