From the PAC's 40th Report - ICT in government.
1. We welcome the direction and principles of the Government's new strategy for ICT (the Strategy), but it is very ambitious and short on detail about how it will be delivered. There is a long way to go before government can say it is living up to its claim that there is "no such thing as an IT project". This can only be achieved when ICT is embedded in departments' business and government reform programmes have ICT at the core - key objectives of the new Strategy. The following recommendations are intended to help Cabinet Office's Efficiency and Reform Group (ERG) to tackle some of the challenges that lie ahead.
2. The Strategy lacks a baseline or metrics to measure progress. Simply listing actions to be achieved within two years is not sufficient. The Strategy implementation plan, due to be published in August 2011, should include a small number of measurable business outcomes, or direct indicators, to enable government and this Committee to evaluate success and whether the Strategy is delivering value for money.
3. The Strategy cannot be delivered by the Cabinet Office alone - its successful implementation relies on its new principles being adopted across the government ICT and supplier communities, Chief Information Officers and by policy makers in the wider civil service. The Strategy envisages a small but powerful capability in the ERG, which can control and intervene in departments' projects. To be effective and successfully deliver its strategy for ICT and major projects, ERG should use its new powers selectively and be able to demonstrate that it has achieved buy-in from departments and suppliers.
4. ICT-enabled projects have been too big, too long and too ambitious and we welcome the move to shorter, more iterative projects. ERG is introducing 'starting gate reviews' for new ICT projects to test whether projects are small enough and deliverable. It should publish its 'starting gate reviews' and other significant reviews carried out over the life of the project.
5. Value for money in ICT procurement relies on a mixed market of suppliers. The Strategy includes an aspiration to open up the government ICT market to small- and medium-sized enterprises (SMEs). ERG now needs to set out what the Government will do to encourage more involvement by SMEs, and how it will measure success.
6. The Government plans to move more public services online and, rightly, to stress the importance of designing services around the needs of the user. However, approximately nine million people have never used the Internet, and they must not be excluded. ERG and other relevant departments should withhold sign-off of additional online services until they are satisfied that the service is designed for users. ERG should also continue to ensure that online services are accessible through libraries, post offices or other alternative means. When new services are launched, these alternatives should be well publicised.
7. The Strategy only makes one reference to cyber-security. This is particularly concerning given the move to more government services online. The Government has committed to increase the use of new technologies and sharing of information, which rely on the Internet. ERG should clarify in its implementation plan how cyber-security will be integrated into its strategy for ICT.
8. Government has not yet assessed the number of ICT people it has or the capacity and skills it will need in the future. In preparing its Capability Strategy for ICT, ERG should establish the size and capability of the existing government ICT workforce, including the number of cyber-security professionals, and build a model to help predict future demand.
9. There are no proposals in the Strategy to address the longstanding problems of high turnover of Senior Responsible Owners (SROs), their lack of experience and their lack of accountability. While we recognise that shorter, more manageably-sized projects will help, the ERG should make proposals to keep SROs in post for longer where possible, and raise and maintain their level of skills, in line with the Government's advice on accountability. The identity of SROs should be available on departmental websites, along with their dates of appointment.