UK govt signs IT contracts 'without understanding' the needs

NAO also sees a lack of digital knowledge at top of civil service

The UK government can be prone to signing contracts for major IT projects before it has a good understanding of the requirements, according to a National Audit Office (NAO) director.

Speaking at a Whitehall event examining priorities for the Central Digital and Data Office, the Cabinet Office's central technology team formed a year ago, Yvonne Gallagher, digital director of the NAO, said engaging commercial partners on major IT projects was "problematic on all sides."

"We found in large scale programmes that, before things start for real, [there is] insufficient thinking, analysis, architecture and design. Often this is actually skipped over," she told the Westminster Forum event yesterday.

Contracts tended to be created on the basis of outline business cases for projects "without a very good understanding of the requirements," she said.

"Putting contracts in place too early means that the detail of requirements and complexity start to emerge over time as the programme gets underway," Gallagher told the conference. "It can be a considerable time before they are all known and months can go by in the programme, and then it hurts both sides when all parties get to really understand what's going on, but delivery arrangements have already been fixed with inflexible contracts. I think this is what we see as a major issue that needs more thought [through]."

In its report last year, the NAO singled out the government's hapless Emergency Services Network for being overbudget and overdue. It said the project's costs went from £6.2bn in 2015 to £9.3bn in 2019 – an increase of £3.1bn – while the schedule slipped seven years behind.

Joanna Davinson, who in her role at the Home Office spent the last three years overseeing the ESN, was appointed to executive director of the UK government's Central Digital and Data Office (CDDO) last year. She is now set to leave her post.

Too few of the most senior civil servants understood digital change projects, Gallagher said, creating risks that they might fail.

"There are generalists in government – I'm not talking about digital specialists – who make a lot of the decisions about the scope, shape, and potentially the outcomes of major digital programmes, when really they are not qualified to do that. Within this, there are often unrealistic ambitions for untested technologies. Anything to do with overambition and then cutting-edge technology is a major problem."

The problems created by a lack of digital knowledge in senior management extended to managing and migrating from legacy systems. "It means that whilst we have in government a lot of very experienced CIOs, sometimes they just aren't listened to because the non-digital leader can't really understand or fathom what it is that the CIO might be telling them about some of the risks and complexity involved," Gallagher said.

The NAO director said the number of cross-government projects over the last 25 years revealed how difficult it is to achieve results.

"The ambition for world-class services using joined-up systems and data goes back to the mid-1990s. And from there we can trace a steady stream of policies and initiative right through to the national data strategy in the late 2020s. They've all been good strategies. Most of them cover similar ground. But for us that really points to how hard genuine transformation is. The fact that government has repeatedly set out this vision for radical digital change – and really the pace has been so slow – we had to conclude that it underestimated how easy it is to achieve change in the real world."

Megan Lee, CDDO director of strategy performance and operations who was also speaking at the event, said the CDDO had established a group of permanent secretaries, the most senior civil servants in each Whitehall department.

"Recognising that digital and data is inherently part of how we all do business, we've established a permanent secretary level digital and data board to raise the profile of our agenda across government. We're [also] strengthening our links to communities in the transformation space, in the operation space and beyond," she said.

Lee joined the CDDO from management consultancy McKinsey, which last year won a £3m government contract "seeking expert consultancy support to design the cross-departmental approach to tackling core digital, data and technology (DDaT) priorities, developing cross-government business cases and work plans."

Last summer, an independent report on Organising for Digital Delivery written by the Digital Economy Council, warned of "uncertain quality of technical product delivery" with central government. It added that projects would fail due to a failure to support best practise. ®

Other stories you might like

  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading
  • In record year for vulnerabilities, Microsoft actually had fewer
    Occasional gaping hole and overprivileged users still blight the Beast of Redmond

    Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust.

    Figures from the National Vulnerability Database (NVD) of the US National Institute of Standards and Technology (NIST) show last year broke all records for security vulnerabilities. By December, according to pentester Redscan, 18,439 were recorded. That's an average of more than 50 flaws a day.

    However just 1,212 vulnerabilities were reported in Microsoft products last year, said BeyondTrust, a 5 percent drop on the previous year. In addition, critical vulnerabilities in the software (those with a CVSS score of 9 or more) plunged 47 percent, with the drop in Windows Server specifically down 50 percent. There was bad news for Internet Explorer and Edge vulnerabilities, though: they were up 280 percent on the prior year, with 349 flaws spotted in 2021.

    Continue reading

Biting the hand that feeds IT © 1998–2022