This article is more than 1 year old

UK government isn't keeping track of the risk posed by legacy systems, says Central Digital and Data Office

New system hoped to launch next year that will help prioritise spending

The UK government currently lacks a central, dynamic list of its legacy computing estate and the risks associated with ageing IT infrastructure and applications, Joanna Davinson, exec director at the Central Digital and Data Office (CDDO), has told MPs.

But she said the Cabinet Office, which encompasses CDDO, was working on such a system, aimed at helping prioritise spending, which her team hopes to pilot this year and launch in January.

"I acknowledge that it's not as systematic as it should be at the moment, but we've got an initiative in place," Davinson told Parliament's public spending watchdog, the Public Accounts Committee.

The need to understand the risks involved with maintaining legacy IT systems was brought into focus last week when the National Audit Office revealed an ICL mainframe from the 1980s was one of the systems implicated in an underpayment of state pensions by around £1bn.

Davinson, whose office was created last year as the new strategic centre for government activity in "digital, data and technology", said: "We do have information in the centre around what legacy systems are out there… what we don't yet have as clearly as I would like is an ongoing process for really assessing and understanding what our cross-government legacy risk looks like, and in what direction it's going, and where do we need to intervene."

During her tenure as chief digital, data and technology officer at the Home Office, Davinson oversaw the troubled implementation of the Emergency Services Network, delays to which would cost £550m in maintaining legacy systems.

She told MPs last week that her office was working with departments to create "a framework for assessing legacy risk" to offer a "clearer picture across government, be more transparent and also help us in conversations with funders, such as Treasury."

The CDDO is currently piloting a tool with three departments in the hope of launching it across government from the beginning of 2022.

The move comes as the government is hiring external help in part to justify spending on legacy systems and the transition to more modern technologies. McKinsey won a £3m, eight-week contract to build business cases ahead of the Spending Review '21.

The role, which could see the international management consultancy influence government technology spending priorities, was described as one which would "design the cross-departmental approach to tackling core digital, data and technology (DDaT) priorities, developing cross-government business cases and work plans."

Meanwhile, IBM UK and Ireland exec Dan Bailey has been seconded to the Cabinet Office for a six-month contract as interim chief technology officer. The Register has confirmed he was hired last month by 29-year Big Blue veteran Joanna Davinson, who was herself recruited as exec director for the CDDO within the Cabinet Office in February.

A report by the Modernisation and Reform group published in July indicates £2.3bn of the £4.7bn UK government spent on technology in 2019 was dedicated to "keeping the lights on" activity on "outdated legacy systems". Further, the report projected that £13bn to £22bn could be wasted in the same way over the next half a decade.

Technical debt "brings a number of challenges including very high 'keeping the lights on' maintenance costs, data and cyber-security risks, and an inability to develop new functionality on technologies or systems that are no longer widely supported.

"The challenge is by no means limited to Government services as there is a universal temptation to invest in new feature development vs. the “worthy but dull” task of ensuring security and stability in the underlying platforms. But the situation is particularly acute across multiple Government Departments."

The report highlighted the example of the Home Office - the Department with the highest tech spending - saying it has a clear understanding of the associated risks of legacy IT after thee to four years of efforts but "has no been able to retire any of their twelve large operational legacy systems". ®


More about


Send us news

Other stories you might like