Government ordered to publish reviews of risky IT projects

It is the most far-reaching decision under the Freedom of Information Act for government IT.

It is also a victory for Computer Weekly’s campaign for the release of the results of Gateway reviews on the progress of major IT-based projects.

MPs have complained that the first they knew of problems on projects such as the IT to support tax credit and child support payments was when constituents contacted them.

Our campaign has been aimed at persuading government to release information about projects in time for MPs and others to ask informed questions, and possibly avert a failure.

Government CIO John Suffolk and former government CIO Ian Watmore backed the publication of the results of Gateway reviews, as has the Public Accounts Committee.

Gateway reviews are mini-audits at critical stages in projects. The reports in question gave a red, amber or green status at each stage to help the project’s senior responsible owner decide whether to move to the next phase.

The government’s policy on Gateway reviews is to keep them confidential. All copies of a review are shredded, with the supporting material, to ensure only two reports remain – one for the Treasury’s Office of Government Commerce (OGC) and the other for the project’s senior responsible owner.

As the owner of the Gateway review scheme, the OGC had only ever published two initial reports on the ID cards scheme, and then after a three-year legal battle which involved a hearing at the High Court.
Now Richard Thomas, the information commissioner, has ordered the release of the results and recommendations of 23 Gateway reviews, including some on projects that the government says are in a “state of ongoing policy development”.

The results of the reviews would give an insight into the problems, challenges and progress on the government’s most important IT-based projects, and would allow checks to be made on the completeness of ministerial statements and assurances on the feasibility of the schemes.
Computer Weekly had asked the OGC for the results of all Gateway reviews on IT-related projects at the Home Office, Department for Work and Pensions and Department of Health.

The reviews cover NHS Connecting for Health’s e-booking system, the NPfIT Care Records Service, ID cards, the single non-emergency number and the Bichard implementation programme to join up police IT.
The OGC twice rejected our request, so we appealed to the information commissioner. In a 17-page ruling on 10 June 2009, Thomas found that the public interest in disclosure was greater than the need for continued confidentiality.

Thomas said he was mindful of the OGC’s argument that disclosure would make future prospective interviewees less willing to participate in the Gateway process, or less candid or frank with their comments.
But he was “not persuaded by this argument” because interviewees should meet the “high standards of professionalism that their positions demand”. It is up to organisations to ensure that interviewees give the quality of advice expected of them.

As Computer Weekly went to press the Department of Health decided to take the initiative by publishing 31 Gateway reviews on the NPfIT. But the OGC has not announced whether it will release the Gateway reviews we requested on projects at the Home Office and the DWP.

In ruling that the OGC should release all of the reviews we had requested, the commissioner said, “The [projects discussed in] these reports will have a significant impact on the lives of individuals and their relationship with the state. The commissioner considers that this in itself presents a very strong argument in favour of disclosure.

“The public should therefore be kept informed… as to how the programmes are progressing and what impact any of the projects will have on them.”
He added, “Disclosure is likely to enhance public debate of issues such as various projects’ feasibility and how they are being managed.”

In this last point, Thomas has explained one of the main reasons for Computer Weekly’s campaign.

Office of Government Commerce’s key arguments against publishing the results of Gateway reviews:

  • It would prevent policy formulation or development taking place in the self-contained space needed to ensure it was done well.
  • It would make policy development less effective because departments’ attention would be focused on obtaining a “green light”.
  • It would cause reports to become bland and anodyne, defeating their purpose.
  • It would make interviewees, senior responsible owners and the private sector less willing to participate in reviews or co-operate with interviewers.
  • It would cause delays in the completion of reports as words and phrases would be argued over.
  • It is unnecessary. The public interest is already met by the information about the programme in the public domain combined with parliamentary scrutiny.
  • It is unnecessary. The public interest is already met by the information about the programme in the public domain combined with parliamentary scrutiny.

Information commissioner’s key arguments for publishing the results of Gateway reviews:

  • It would allow the public a better understanding of the development of the programmes which are the subject of Gateway reviews.
  • It would allow project risks and concerns to be identified.
  • It would not damage the Gateway process in the way the OGC has suggested.
  • The public scrutiny of projects by the National Audit Office and Public Accounts Committee involve largely historical and retrospective analyses. Gateway reviews “would provide a level of public scrutiny of current projects”.
  • It would inform the debate as to the merits of the schemes, the practicalities involved and the feasibility.
  • It would ensure that “schemes as complex as these are properly scrutinised and implemented”.
  • It is unrealistic to imagine that civil servants will not participate if reviews are to be published. In accordance with the Civil Service Code, “civil servants must fulfil their duties and obligations

This article first appeared on Computer Weekly: http://www.computerweekly.com/Articles/2009/06/22/236526/government-ordered-to-publish-reviews-of-risky-it-projects.htm

What’s hot on Infosecurity Magazine?