Tuesday 18 October 2011

What is the Public Sector Network (PSN): a cloud of confusion?

Recent announcements on the ICT Infrastructure programme for the Scottish Government and press coverage have drawn my attention to the Public Sector Network programme. Read around the topic I have become increasingly concerned that this programme is seriously flawed.

In summary, the PSN programme is a programme for creating a single public sector network for all UK public sector organisations including Universities. It is a programme that appears to be driven by the need to save money and a recognition that the existing arrangements are often outdated and inefficient. However, the proposed solution is very complex and potentially costly despite being argued publicly as a mechanism for saving costs and introducing a level playing field for commercial suppliers.

But you can’t really explain this all in one paragraph, so here’s a more extended attempt to explain what this is all about, starting with a look at the background and the surprisingly ambiguous definition of what the programme really is.

Programme establishment

In early 2007, the CTO Council articulated a vision for a Public Sector Network described as a network of networks delivering the effect of a single network for the public sector. In July 2008, the Public Sector Network (PSN) programme was established by the UK Government, principally coordinated by the Cabinet Office. (PSN-OM p.10-11)

But what is it?

Below is a selection of definitions or visions of what the Public Sector Network is. These are mostly from programme documents and should give a flavour of how confusing this whole thing is.

  • A single, integrated infrastructure, delivered by multiple selected service providers
  • A ‘private network of networks’ for the public sector, addressing the various special; security, resilience, service and availability needs of public sector organisations
  • Global, including overseas posts and other international UK public bodies
  • A secure version of the Internet for the UK Public Sector

(PSN PowerPoint Presentation)


The PSN vision is one of creating the effect of a single network across the public sector, to be delivered through multiple service providers in order to ensure ongoing value and innovation. In some respects, this is similar to the Internet model, whereby “service consumers” experience flexibility and inter-working without much concern for underlying inter-network “plumbing”. However, the vision is also one of a “private network of networks” for the public sector, addressing the various special security, resilience, service and availability needs of public sector organisations. (PSN-OM, p.10)


The Public Sector Network (PSN) will change the approach to the acquisition of Information and Communications Technology by the UK Public Sector, allowing public sector customers and select partners to harness changing technology to better support their delivery of service and the transformational government agenda. This will be achieved through a commonality of standards, a customer-centric operational model and a flexible approach. (PSN-PM, p. 1)


PSN is not a physical entity.
PSN is

  • an industry standard
  • an enabler for network interoperability benefits
  • an enabler to deliver procurement effort benefits
  • a process that provides a commonality

(SG-Breakouts, p. 7)


PSN offers a vision of ICT services from many suppliers being shared across the Public Sector and delivered over a common network infrastructure, itself provided by several network operators. (PSN-Comp, p.7)


The PSN is a supply-side “network of networks”, making network-oriented services utility-like for the public sector. Hence, it is essentially an inter-working and standards framework for the suppliers of network-oriented services to the public sector, governing both interconnection of supplier services and the relevant key service characteristics/attributes that ensure inter-working and end-to-end service assurance across supplier portfolios. (PSN-GCN, p. 7)

These definitions tend to raise more questions than they answer:

  1. Is the PSN a separate physical network that duplicates the Internet but is intended just for the public sector?
  2. When the PSN documentation talks about open standards does this mean that this is technically just using Internet standards or is it actually a network running under a protocol unique to the UK public sector?
  3. Why can’t the public sector just use the Internet?
  4. If this is separate from the Internet does this mean that staff in the public sector won’t be able to access the Internet?
  5. What will this cost and how can it possibly save the government money?

Let’s try and tackle some of these.

So is the Public Sector Network a physical entity?

A breakout session of a joint Scottish Government, Socitm and Cabinet Office PSN workshop held in Edinburgh in January 2011 was clearly told that the Public Sector Network, “is not a physical entity”. But the extensive documentation around PSN includes description of the Government Conveyancing Network (GCN) - a part of PSN that “will be used to interconnect supplier data networks and other services in terms of network transport” (PSN-GCN, p. 8).

Similarly, the Operating Model document describes the PSN vision as “one of a ‘private network of networks’ for the public sector, addressing the various special security, resilience, service and availability needs of public sector organisations” (PSN-OM, p.10). If the PSN is not a physical entity then how can it possibly address issues of resilience and availability that are not ‘virtual’ concerns?

Looking at the various specification documents available on the Cabinet Office web site it is clear that the specifications include physical requirements like network timing and the implementation of domain name resolution across the network.

Ultimately the only way to make sense of all the documents and the conversations is to look at the terminology.

The truth, as far as I can tell, is that the PSN is the specification and not the network itself. Just like a car manual is not a car, the PSN is not a physical network but it does define the standards required to supply a physical network that is essential for it to run. To put this simply, whenever a document talks about the Public Sector Network you should probably insert the word “Specification” at the end. So, the phrase “The Public Sector Network is not a physical entity” should be read, “The Public Sector Network Specification is not a physical entity”, but parts of the actual network will be!

This is a very unfortunate and ambiguous choice of terminology.

What is the Public Sector Network Specification and what is the network it specifies?

So, the Public Sector Network (PSN) is the specification of a network that will deliver network services to users in a consistent manner throughout the country and even beyond the UK. These services will be physically delivered by private sector suppliers who have won contracts to deliver these services and who have met the compliance requirements set by government.

Third party private sector suppliers are providing something akin to an Internet connection, except it isn’t connecting directly to the Internet: it is connecting to a special public sector private network with what it terms, “segregated access” to the Internet (PSN-OM, p.21). This, the theory goes, allows the public sector to maintain a security separation from the Internet with communications running on networks which are provisioned to deliver higher resilience and availability standards than the Internet can provide.

So the idea is that the private sector will supply separate parts of this one single network and they will work together by virtue of adhering to the PSN specification. Hence, the PSN is not a physical network owned by the public sector: it is network that meets a specification and runs over networking hardware supplied to government by the private sector on a service contract.

Obvious!

So, why can’t the public sector use the Internet like everyone else?

This is a very good question. Indeed I would argue that this is ultimately the question that every government minister and civil servant should be asking repeatedly.

The proposed reasons why the public sector needs its own network appear to fall into the following headings:

  • For consistency across the public sector
  • For efficiency
  • For reliability and capacity
  • For security

Let’s take these one at a time.

Consistent networking across the public sector

The truth is that, to the present day, the public sector is a mish-mash of networks developed independently and often intended to be kept separate from each other. The need to bring these networks together to allow for sharing of information and intercommunication is hard to deny.

But given a choice does it makes sense to standardise on the networking standard of the world or create a unique one for the UK public sector?

Efficiency of delivery, procurement and maintenance

Maintaining the current range of networking services across government is undoubtedly more costly than it needs to be. It makes sense to standardise the platform so that procurement is less costly.

But what is the least costly option, servicing a network that is unique to the UK public sector or servicing a network like every other private sector business in the world?

Reliability and capacity

Enabling the public sector to share a common network that can balance the varying peaks and troughs of demand across services is a good way of dealing with capacity needs where individual and separate networks would be constrained by their individual capacities. Setting standards for the delivery of these networks can help to ensure that the networks are reliable.

But this concept of shared networking is the basis of the Internet. If capacity and reliability requirements genuinely demand more control there is no reason why the public sector couldn’t have a dedicated physical network running on the standards of the internet. In effect this is the model of the UK Joint Academic Network (JANET) used for many years by Universities and Colleges throughout the UK.

A secure network

Clearly the public sector deals with information of a private nature some of which concerns the security of the nation. So, do we need a separate network or unique networking standards in order to deliver the levels of security required?

It turns out that this question is answered by the specification of the PSN itself. It says quite clearly that it is possible to deliver all the security levels required over an “untrusted” network like the Internet.

Coupled with encryption technologies the authentication of individual devices will enable the sharing of information across the same PSN infrastructure from IL0 to IL4. (PSN-OM page 20)

(“IL0” (Impact Level 0) refers to “untrusted infrastructure” for example, the Internet. In other words, the PSN can operate over the Internet. So the special security needs of the public sector do not appear to mandate a PSN.)

The truth here is that much of the public sector has taken a “walled garden” approach to security. The idea is that you create a safe network within which public sector users can operate without worries of outside intrusion. Just like some secured government building, the security checks are made at the exits and entrances so that everyone inside feels safe to walk around with freedom and security. Unfortunately this isn’t really very secure at all. As soon as someone gets into the building they can access anything and everything.

So what do banks and security conscious companies do? They may provide a private network for employees but ultimately they make sure that data and systems that need to be secure are individually secured to the level commensurate with the data risks.

If the public sector took the same approach they could also operate on the standard internet like everyone else does.

So why are we doing this?

It is very hard to see any real justification for the Public Sector Network programme in its current form. So, how has it come into existence and why is it going ahead?

I can’t claim to know why the PSN programme happened but I can make some guesses:

  1. In the absence of technical guidance it is quite possible that the public sector decision makers didn’t realise that they might be able to make use of existing technologies to replace all the complex networking systems that are currently in use. From that standpoint the idea of setting up a programme to design a whole new public sector network specification may have made complete sense.
  2. Security always has a high profile and leads the public sector to demand the highest possible security standards in some things whilst completely failing to address the obvious issues like the unencrypted laptops, CDs and memory sticks that keep hitting the news. The security provisions in some parts of the public sector are so awkward that they practically force staff to ignore them in order to get their work done. Faced with pressures to be secure it is not surprising that non-technical decision makers probably ruled out the Internet as a viable option even despite then producing a specification that allows the Internet to be used!
  3. The need to cut costs has resulted in a massive focus on centralised purchasing and procurement as an apparently obvious way of gaining ‘economies of scale’. This principal is much more widely applied than it is understood. Consequently it doesn’t surprise that government decision makers might feel that it would be better value for money to procure a government specific system for the whole of the country, than let individual regions procure an internationally standard system locally. In reality the latter is almost certainly more cost effective than the former and a lot easier to organise as well.

Tuesday 23 August 2011

COSLA Police Summit - 23 Aug 2011

Concerned by the way things appear to be going with plans for a single force in Scotland, I attended the COSLA organised “Police Summit” today in Edinburgh.

Here are some very brief notes:

  • It was reassuring to find that there were plenty of people there who were well informed about the limitations of the published reports presenting the various options. Colin Mair (Chief Executive, Improvement Service) did a particularly fine job of pointing out issues with the business case document.
  • I was shocked to discover that the leaders of Scotland’s main police bodies had seen nothing of the outline business case document. It put my failed attempt to see the document - as a member of the public - into perspective!
  • A running theme was that nobody knew what a proposed single force would mean in terms of accountability. Would it devolve power to local police or centralise it in the Scottish Police Board? Who would elect the members of the Police Board? How would the police interface at the local council level?
  • A number of people I spoke to one-to-one said that they recognised that we couldn’t stay with the eight forces model in the current economic climate. I asked why and discovered that they were just assuming that reducing the number of forces would reduce cost!
  • A number of the propositions and views seemed to suggest, more or less directly, that ACPOS (the Association of Chief Police Offices of Scotland) had historically acted as a barrier to change. There was a suggestion that, for some, the single force model had the attraction of bypassing the power of ACPOS. This provides a possible explanation why some may be pursuing a single forces model even if it doesn’t provide substantive cost savings over other options.
  • The consensus was that the SNP had decide to maintain its manifesto commitment to a single force and was unlikely to shift from this. However, there was also a suggestion that there might still be time to impact the government’s perspective on what a single force actually means.

Friday 19 August 2011

A single Police force in Scotland, a single Fire and Rescue service in Scotland - a costly change for no good reason

Why does centralisation save money?

A common theme in Scottish public sector thinking right now is the cost saving benefits of centralisation. If rumours are true then the Scottish Police forces, and the Fire and Rescue services are to be merged and centralised. Why? Because, it seems that there is a common unspoken understanding that centralisation, whether we like it or not, will save money.

You might imagine that reading recent government reports on these initiatives would explain some of the reasons why centralisation might bring savings. But you would be sadly mistaken. From the document "Sustainable Policing Project - Phase Two Report: Options for Reform" the nearest thing to an explanation of the benefits of centralisation is the sentence on page 5:

"The single force model represents the most significant change; however it provides the greatest opportunity to manage change, drive efficiency and in delivering operations when the change is complete. The eight force model represents the opposite."

In other words, there is no explanation of the benefits of centralisation. As readers, we are expected to accept - without question - that the author of this report is right in saying that single force is best.

This assumption is then reflected in the traffic light style summary of the report on page 62 (reproduced below). If you have a spare moment you might like to try (as I did) to go back through the document and uncover the justification for the colour coding of this:

Scottish Fire and Rescue

The Scottish Government consultation "A Consultation on the Future of the Fire and Rescue Service in Scotland" takes a similar approach to explaining the need for change when it introduces the subject on page 2:

"Many people, both in the SFRS and beyond, now accept that the current structure of eight Services supported by some national support services is unsustainable over the medium-term."

As readers we are clearly expected to agree with this statement because the people are unnamed and the argument is completely unsubstantiated.

Oddly, on page 5 of this report there is a nod towards decentralisation that is repeatedly scattered through the report from then on:

"To ensure that we can deliver the best possible outcomes for the people of Scotland, we want to see a context in which: the full benefits of the SFRS are de-centralised as far as possible…"

But the application of this principal within a single force is finally explained on page 21:

"A single service offers the best opportunity for de-centralising as many elements of the business as possible across Scotland. Under current structures resource cannot be transferred between services. A single service would give us the flexibility to de-centralise and move resource to meet specific, identified needs wherever they occur in Scotland."

In other words, the word "de-centralised" is included in the paragraph to make it appear that de-centralisation is happening when it's actually centralisation. Interestingly the paragraph also claims that current structure prevents the sharing of services when clearly this is not the case and the recent English riots is one well known example of this.

But back to the benefits of centralisation. On the same page this report says:

"A single service approach offers significant scope for bringing together funding streams and reducing the complexity of governance and the duplication of effort and control. It also allows for the rationalisation of back office and specialist services, but with the opportunity to spread back-office and specialist functions more widely across the country. Through simplifying the delivery landscape in this way, the costs associated with the existing multiple governance and co-ordinating mechanisms would disappear."

To be fair this looks like a reasonable attempt at a genuine explanation of the apparent potential benefits of centralisation. But the unfortunate truth is that the last 30 years worth of research in this area provides conflicting evidence of benefits of centralisation or decentralisation within the public sector. See for example: "Centralization, organizational strategy, and public service performance".

The idea that a single service will reduce the complexity of governance may be true, but it will not reduce the overall complexity of the problem. Centralised control allows for rapid decision making at the expense of a lack of detailed and localised knowledge. In effect it could be argued that any efficiencies of centralisation are in the way that it allows rapid and consistent decisions to be implemented nationwide regardless of whether or not they make sense at the local level. In practice centralisation is very likely to result in a nation of demoralised staff who feel the stresses and frustrations of having to work within a bureaucracy that neither understands, listens to, or has the time for local concerns.

The reports pretend that this is not the case by arguing that a single force will, through efficiencies of processes and interfaces, be able to address local needs better than a decentralised organisation could. But this is smoke and mirrors as addressing local needs would decentralise control and increase the interfaces involved in decision making processes. The force as a whole cannot be both centralised and decentralised at once.

Different operating structures favour different ways of working. Centralisation makes for efficient delivery of very simple standardised unchanging services but adds complexity and bureaucracy to the delivery of complex and highly variable services such as are required to address the diverse needs of a nation like Scotland.

Decentralisation is a potentially inefficient way of delivering simple standardised services but excels at motivating staff who are faced with dealing with ever changing diverse and complex issues at the local level.

The recent Christie Report on the delivery of public services in Scotland makes it clear that we can only operate efficiently if we accept that there are different needs and priorities across the country and that we need to address those differences. In other words, we will deliver cost savings, not by delivering the same service throughout the country but by prioritising the delivery of the services that matter in the areas that they are delivered. The simple truth is that delivering the same service everywhere is a waste of money.

Cost of change

Incredibly, the suggestion of moving to a single force for the police, fire and rescue brings one certainty: the cost of change. Whilst there will be arguments about the predicted cost, there is no-one questioning the fact that changing to a single force will be a big and costly change.

If there was a strong argument why, in the long run, a single force would bring savings and improvements in service then you could understand that this cost of change would be something worth investing in.

But the majority of the published cost savings are not dependant upon a single force. They relate to reducing capacity and lowering salaries.

In simple terms the government is proposing to reduce the workforce, cut salaries and simultaneously ask them to completely change the organisational structures they work within. If that is not a recipe for disaster, what is?

Why?

What is driving the push towards centralised control?

The only answer that seems to make any sense is centralised control itself. It seems that we have a government that does not believe in giving out control to other people. It seems to believe that our country is safer in the hands of a few hand-picked individuals in arms reach of government: but out of touch with you and me.

Saturday 6 August 2011

Investigating the figures behind the facts - The future of policing in Scotland - the one force model

"The projected long-term savings under a new structure are up to £154m a year, every year." (Scottish Government Spokesman quoted in Scotsman, 26 July)

I recently read some newspaper articles about the current political debate on merging Scotland's regional police forces into a single force. One figure kept on being quoted (without reference) and grabbed my attention. The £154m annual savings that would come from this change. Where did this figure come from?

The figure appears to come from the document: "Sustainable Policing Project, Phase Two Report: Options for Reform" (March 2011). This report presents an estimate of potential savings (p.55) which totals £153.9m.

But this figure is not the potential savings from restructuring from the current regional forces into one force: the table shows, to quote: "estimated efficiency potential within the various functions of policing if the Target Operating Model were to be adopted". The "Target Operating Model" is a model for operation which is independent of whether the force is 8 forces, regional forces or one force. To quote, "The majority of these efficiencies are achievable irrespective of structure" (p. 68).

£154m is the estimated savings that could come from other changes to the way that the police forces operate. Some of these savings are quoted as potentially taking up to five years to realise. "Efficiencies were calculated and validated using benchmark data" (p. 54) "from other forces (England and Wales) public and private sector (Industry Standard)", "by considering the potential impact of established and well tested levers, for example: management de-layering, process engineering, shared service economy of scale".

The quality of this report is very poor and the savings take no account of the cost of implementing change. Cosla is quoted (by Scotsman) as saying that a Scottish Government business case, "shows that Scotland would have to spend a whopping £230m (equivalent to 7,600 police officers] in start up and restructuring costs for a single force." I haven't been able to find this document, but it is quite possible that this is just the cost of merging to a single force and not the cost of implementing the "Target Operating Model". Remember, it is the Target Operating Model that is quoted as delivering the savings, not the change to a single force.

I am not interested in politics. I am interested in effective public services.

If the SNP are quoting £154m savings as justification for a single police force in Scotland then they are either badly mislead or badly misleading.

I sincerely hope that those with the power to influence this decision get their facts straight before they make a very costly mistake.

I am disappointed that the media in Scotland seem so keen to present political dispute that they have failed in their job of uncovering the true facts behind the story.

Friday 1 July 2011

Reactions to the Christie report on future delivery of public services in Scotland (or "why a little knowledge is a dangerous thing")

Yesterday saw the publishing of the Scottish Government report "Commission on the Future Delivery of Public Services" chaired by Dr Campbell Christie. Despite presenting a radically different way of delivering public services, it has met with repeated media criticism that the report says nothing new or actionable. Damning with faint praise, the SNP Finance Minister, John Swinney, in a Newsnight television interview, indicated that the proposals were broadly in line with what the government was already doing.

So is this report 100 pages of predictable "Motherhood and apple pie" or is there some substance? If there is substance to this report, then why is the media unable to see it and why are contributors to the report uneasy to back it wholeheartedly?

Lacking substance?

It's clear why many people see this report as lacking substance. It doesn't provide specific steps on moving forward like saying that region X should merge it's 5 frontline services (1,2,3,4 & 5) into a single coordinated user facing service by May 2012.

But the reality is that this report was not commissioned to do this, nor did it have the capacity to get into that level of detail. Politicians know that the media like this kind of bite-size proposition and they are good at delivering them. We should think twice about criticising a report of this quality, depth and coverage for failing to feed the media.

The report presents and argues the case for long term focused strategies for delivering public services. These strategies may not appear radical on paper but the fundamental issue is that these are strategies that are completely different from what is happening today.

It doesn't matter that these individual proposal seem obvious. There is a reality gap between what most people see as obvious and what happens in practice every day. It is a scary truth that a large number of the people who deliver our public services are either working with systems that prevent them from doing the job they want and need to do, or are so isolated from the underlying purpose that they cannot see why they are failing to deliver value.

I shouldn't need to explain these things, because the report actually says them very well. But there is clearly a need to explain how this report will make a difference.

Making a difference

If the proposals and implications of this report are delivered then we will see a massive change in the delivery of our public services. The changes, whilst following common themes, will differ from region to region and service to service. They will be driven by the needs of the communities they serve and those needs vary dramatically across the country.

These proposals are based around service delivery and organisational change that have been tried and tested. If you need evidence then search the internet for some of the books or online video presentations of John Seddon whose company "Vanguard" has become synonymous with the practice of 'Systems thinking' in the UK public sector. Like him or loathe him, John Seddon has applied these principles throughout the UK and collected the evidence to demonstrate the results.

If you want something even more radical but closely aligned to this reports proposals of reducing organisational complexity, get your hands on the BBC Wales series, "Ban the Boss" and the work of Paul Thomas. His truly radical and fairly risky work in the public sector in Wales claims up to 300% increases in productivity. Yet, on paper his strategy of reducing "managers" could so easily be criticised as being nothing new and could, so easily be implemented in a way that delivers a disaster rather than reduced cost and improved service.

The problem

The problem is that most people who read this report have no idea how to implement the changes. These changes might as well be written in a foreign language or complex scientific notation.

Despite being in English, the language of much of the proposals of this report is the language of organisations, systems, complexity and change. This language draws us in to a false sense of understanding with terms that seem to make sense yet hold vast meaning beyond common usage.

Page seven of the report makes cursory reference to "failure demand" which is explained as "demand which could have been avoided by earlier preventative measures." That sounds so obvious and yet the topic of 'failure demand' is the subject of whole chapters if not whole books. It is neither an obvious concept nor one that is well understood or applied either in the public or private sector.

In other words, this report contains big ideas that are compressed into succinct and specialist language that should be fully understood by those who need to implement the proposals but could so easily be missed by the general public or journalists or indeed politicians.

Actions

So, how can these ideas be turned into action? The secret sounds simple. They need to be implemented by people who understand the ideas.

Changing organisations is not something everyone gets taught about at secondary school. Even those with management degrees will be lucky to have received any guidance at all on how to restructure organisations to reduce complexity. Yet, unless something radical happens, this report will be digested and actioned by people who have no specialist knowledge or experience in organisational change and systems thinking.

The Christie report is a radical report. But it's proposals will have little effect unless the government can find and appoint a large enough group of skilled individuals who have the capacity to assess regional issues and turn them into practical proposals. Those individuals need to be given the authority to ask questions and initiate change.

Conclusions

In summary:

  • There is no point in trying to turn this into a standardised and centrally driven policy of change across Scotland. It needs to be driven at a local level.

  • It has to be implemented by individuals who have been selected because they fully understand the organisational issues being presented not because they are "solid and reliable people who have delivered good reports in the past". This also excludes appointing a group of "management consultants" from some "safe" big brand consultancy.

  • By delivering these policies locally the government benefits from spreading its risk. Not every plan will go according to plan. Some of the people chosen to drive change locally will not live up to expectations. But only fudging the facts or avoiding the issues will avoid this and the cost of doing nothing is far, far too high.

  • If the government acted quickly they could have a handful of specialists in place by the end of August 2011. Acting locally with central backing they could provide the skills and energy to start delivering the first steps of change immediately.


Postscript

There is clearly a large overlap in Scope between the Christie report and the last week's McClelland report on the ICT Infrastructure of the Public Sector. If the government is going to deliver joined up services then the proposals of these reports should be joined up too.

Friday 24 June 2011

Response to Strategic Principles of McClelland Report "Review of ICT Infrastructure in the Public Sector in Scotland"

Apologies in advance for the length of this post. The post consists of the 12 proposed strategic principles of the McClelland Report with comments after each one.


Direct comments and responses to the 12 Proposed Strategic Principles of the "Review of ICT Infrastructure in the Public Sector in Scotland":

"Although 'information management' is a core activity it is not essential to operate totally self-sufficient local information processing, support and development."

This statement on its own is irrefutable and I would be surprised if any public sector body was truly "totally self-sufficient". However, the implication of this 'strategic principal' within the McClelland report strongly argues the case against local 'in-house' knowledge. And the reduction of local in-house knowledge is a dangerous proposition that does need to be evaluated very seriously in each context.

In short, removal of or outsourcing of local ICT knowledge disempowers the local body from making choices or innovating around the use of technology and process. Given that innovation efficiencies come from local users this is paradoxically a recipe for inefficiency and waste.

At the end of the day skills and knowledge need to be located as close to where they are needed as possible. If local bodies need local skills to make efficient use of ICT and process then the skills need to be there.

"The number of data centres and associated support should be minimised."

Yes.

"The shared hosting of common applications delivers ICT savings and central and regional plans open up ICT and other shared business process service opportunities. The existing clusters of nearly common applications should be built upon by selecting the best single application implementation and associated business processes and then from there achieve a reconciling of and agreement on common business processes so that the number of separately hosted instances can be rationalised and reduced."

The first sentence here is fine and good. Shared hosting of common applications is good and coordination at the regional level to encourage or even mandate the use of shared common applications may well be the right thing to do. Moving staff from using Microsoft Office to using OpenOffice.org would be a classic example of appropriate mandated change as long as all genuine technical data exchange issues had been addressed in advance. Of course such a change has a change management cost which must be costed.

However, as soon as there is talk of trying to merge 'nearly common' applications or business processes the line has almost certainly gone too far.

It is true that organisations may have different processes and procedures for historical reasons and there may be no reason for them to be different. If the end users who are familiar with everyday use of such systems recognise this, even reluctantly, then there is probably a strong argument for merging the processes as long as the costings recognise that there may be a significant 'investment' cost associated with implementing that change process.

Unfortunately one of the commonest reasons for so-called IT disasters in the public sector is the attempt to merge processes that seem (at a distance) to be the same, but are (on close examination) different for good reason. Often the historical reason why different organisations do things differently is that there is something genuinely different about what they do!

Changes in processes are often introduced locally as innovations to reduce cost and increase efficiency. Good reasons why changes in processes can bring local efficiencies include: co-location with other services; the shape of buildings and how long it takes to carry out tasks; office design; shared vs person printers; shared vs personal terminals/computers; and security implications of public access to buildings on logon procedures.

There is nothing worse on staff moral or fundamentally stupid than forcing staff to change a locally efficient process to an inefficient one in order to conform to a standard way of working!

"A framework of oversight and governance for each part of the public sector and at an overarching national level is critical."

Yes, but it should not add layers of bureaucracy or oversee ICT in isolation from other issues which are always interconnected.

However, there must be mechanisms in place to allow innovation from the users. In other words, there must be an open communication channel from users to those who can instigate change.

"Co-ordination of interaction with the ICT industry within each sector and at a national level is essential and will be beneficial."

Yes. There is opportunity for procurement savings by ensuring co-ordinated interaction with suppliers and service providers. It is essential that public bodies have skilled ICT representatives involved in those interactions to ensure that best value is being obtained. There may be a case for involving SMEs as independent ICT advisors in these situations as SMEs tend to be more aware of technological change than public sector ICT departments or large private sector suppliers.

"Relationships with suppliers should have a stronger partnership element."

What does this mean? Many historical suggestions of strong partnerships with the private sector have become costly and anti-competitive relationships which have benefitted the suppliers at the expense of the public sector.

The public sector needs to establish relationships with suppliers that leave the buyer with ongoing control and choice. One of the best ways of doing this would be to ensure that all software development for the public-sector was based on open standards, publicly owned and open-sourced from day one. This would put the supplier under appropriate public scrutiny and enable a poorly performing supplier to be swapped out in favour of an alternative supplier if required.

"It should not be a given that investment in and ownership of ICT assets and capability such as systems development is the norm and all avenues including investment avoidance and transaction / usage based charging should be pursued."

Scotland has a particularly poor history of choosing to do its own thing when something perfectly good is already available to purchase 'off the shelf'. This 'not invented here' syndrome is something that needs to be rectified particularly in the primary and secondary education sector where recognition of Scotland's different education system has to be balanced with a recognition of its similarities.

The rapid growth in cloud based services or 'apps' also means that there are large areas of ICT usage which could be satisfied by 'transaction / usage based charging' models.

However, where systems are developed specifically for the public sector it is very dangerous to do so under an agreement that gives ownership to the supplier and leaves the public paying on a transaction / usage basis. Any system developed specifically for the public sector should be owned by the public.

"Citizen services and data should be seamless and integrated across public sector and should specially address the needs of the elderly, sick and other vulnerable groups which cross organisational boundaries."

It shouldn't be necessary to warn of the mistakes of projects as recent as the NHS National Project for IT. But history shows that the public sector has repeated these mistakes over and over again.

We must not embark on producing any "seamlessly integrated" system across the public sector.

The recognised way to address this need is to establish well defined data standards and protocols for transacting data between systems. Wherever possible these standards should be open standards because we should not be re-inventing them and we should be trying to benefit from re-use of systems that already exist.

Thankfully the NHS in Scotland has largely taken this approach already.

"Most of the required ICT capability is specialised by sector yet there are vital national dimensions and cross-sector imperatives."

Yes and open standards for data sharing should be a big part of the mechanism for addressing this.

"Order of merit should be to first re-use, then buy and build only as a last resort. Existing initiatives and exemplars should be built upon and have their capabilities extended through free sharing with others."

Free sharing could be transformational on the public sector. But this should, wherever possible, be public sharing not just sharing privately between organisations.

Firstly, unless software used by the public sector is made publicly visible and accessible, organisations will find it hard, if not impossible to identify the opportunities for re-use.

Secondly, only through public sharing will the public sector benefit from the untapped resources of SMEs and crowd sourced public individuals.

Open sourcing public sector software massively lowers the barriers for competition from SMEs as it enables them to compete with incumbent providers and enables them to pro-actively offer services tailored specifically to the technical needs of the public sector.

"New technologies and concepts be pursued especially where they can reduce investment and support other efficiency and sustainability goals."

This is a good goal but the original 'strategies' above would all but prevent innovation and the use of new technologies.

"The negative impacts of and positive opportunities from effective ICT on the environment should be addressed and pursued."

Thankfully a focus on cost reduction in ICT tends to naturally deliver environmentally beneficial outcomes.

Wednesday 22 June 2011

Shared ICT services are a recipe for holding back change

Today I've been reading John McClelland's report, "Review of ICT Infrastructure in the Public Sector in Scotland". Published by the Scottish government today, the work was started in 2010 at the request of the Scottish Government Cabinet Secretary for Finance and Sustainable Growth.

There's plenty to comment about in this report but I'll focus very briefly on one important point. But first a quote from the report:

"Shared deployment of ICT will reduce ICT cost and deliver savings in costs within individual public sector bodies. However, it can also, by being shared, provide a platform for additional efficiency and savings across multiple public bodies. The establishment of shared hosted information systems, commonly used across multiple organisations makes it very much easier to also share the resources and skills needed to operate other business processes. In this way shared ICT deployment unlocks the gate to shared services opportunities in other operations and processes." (section 4.2)

It is true that the sharing of flexible and completely industry standard infrastructure can help to reduce costs and reduce duplication.

Beyond that, organisations are not the same. So the sharing of services is not about sharing the same thing it's about making organisations work the same way whether it makes sense at the local level or it does not. The cost of making this massive organisational change may completely outweigh any apparent short term savings in ICT procurement. The long term process inefficiencies of forcing different organisations to work in the same way may introduce costs that also outweigh any ICT maintenance savings moving forward.

In short, there can be no assumption that shared deployment of ICT will reduce ICT cost.

The biggest problem

But the biggest problem with shared services seems to be the least understood:

Sharing services in the ways commonly understood in the public sector, lead to tight process dependencies between already huge government organisations. These dependencies, instead of helping to deliver change, actually act to constrain future change.

To put it simply. If you force two organisations to use the same core processes and the same central ICT system, then any future changes in process must be implemented in both organisations at the same time.

Friday 1 April 2011

Government IT - central government and misunderstanding efficiencies of scale

Last week, the Commons Select Committee on the Use of IT interviewed Local and Central Government departments and the largest supplier to government which also was the only large supplier willing to take part as a ‘public’ witness. This week they questioned the government minister but I haven’t got round to watching that yet as the video stream requires me to watch in real time and be physically in front of a computer with the appropriate plugins installed. I would have preferred to be able to watch it at double time on the bus!

The local government representatives, though they may not be representative, largely demonstrated an understanding and engagement with issues even if, in one case, they found it hard to express that in ways that could be understood by the committee.

Central government departments

The representation from the central government departments gave me considerable cause for concern. If I were responsible for their current projects I would be asking lots of questions. Here are a number of the comments that rang warning bells:

  1. 60% of the current project is being done in an agile way, the other 40% (core infrastructure) is not.
  2. “legacy systems are not suitable for agile”
  3. The advantage of using an existing supplier is that you can re-use skills and people and existing knowledge.

For clarity, I should explain why these rang warning bells:

  1. One of the key benefits of agile is the ability to deliver a very early release of a product ‘end-to-end’ within a short time-scale. The act of doing this de-risks a project immensely and the act of failing to do this is a much less expensive way of discovering that something is wrong! You can’t deliver an end-to-end early release if the core infrastructure is not part of the system. So, there may be apparently valid reasons why this project cannot be 100% agile, but those reasons, or the decisions made in response are a sign of a problem.

  2. It simply isn’t true that legacy systems aren’t suited to agile management / development techniques. In many respects, renewing (‘refactoring’) legacy systems is a task that benefits hugely from the principles of agile. In particular, agile provides skills and techniques for reducing the cost of change and one of the big problems with legacy systems is their cost of change. So, this quote, from one of the key leaders in the public sector, tells me that they simply do not understand what ‘agile’ means or can do.

  3. Continuity is clearly a great way of retaining knowledge and skill. I think government should be doing a lot more to retain skill and I think procurement practices tend to enforce the throwing away of knowledge and skill, ultimately at the expense of the public who pay for everything. But you cannot, on the one hand claim to be running a procurement process that is even handed and at the same time argue that re-using the same supplier enables you to re-use skills, people and existing knowledge.

Integration, centralisation and efficiencies of scale

Anyway! All of these evidence sessions to date have thrown up enough material to write a book which is why it’s taken me another week to write anything coherent.

But, I’ve been saved because this week I reached page 57 of the “Written Evidence” document - the submission of Andrew Hardie which very effectively expresses my views on almost everything. To be honest, this is quite disconcerting at first, but also very encouraging as writing has never been my strong-point! To quote one of his points which I agree with wholeheartedly but which is a point made by few if any of the other contributers:

Perhaps, the greatest fallacy in both government and private sector ICT systems implementation is that greater systems integration is the answer. It isn’t. The more tightly you couple ICT (or, indeed, any) systems together, the greater the speed, range and impact of problems and side-effects become and the harder it is to change the resulting monolithic systems, precisely at the time when ever greater agility is needed.

There is a constant push to standardise systems in government to obtain ‘efficiencies of scale’ through more efficient procurement or through the wide use of identical software. This push for standardisation and efficiency almost always results in a decision to roll out a massive IT project. The conversation appears to go something like this:

A: We mustn’t have any more huge IT projects that cost too much and go wrong.

B: I totally agree.

A: Okay, so how are we going to reduce costs in IT projects.

B: Well, we are aware that there are lots of departments re-inventing the wheel with different IT systems that do fundamentally the same thing. We need to standardise the systems they are using and cut the outrageous costs of this duplication which is caused principally by a failure of communication between departments. The left hand doesn’t know what the right hand is doing!

A: Yes, I totally agree. It’s shocking!

B: Okay, so lets set up a project to consolidate all the systems together into one standard system.

A: Fine. Go ahead!

Yes, in the course of a few sentences they have moved from deciding not to have a huge IT project to setting up a new one, yet the flaw in the argument seems hard for government to spot!

There are all sorts of costs of complexity associated with interactions with people. Very rarely do multiple departments actually do the same thing. When you try to bring everything they do together into one system you typically end up with a system that is far too complex or a system that doesn’t meet the needs of the people you are producing it for.

The fundamental flaw in the argument above is the belief that different departments are actually doing precisely the same thing. In reality, if you talk to the users, you will find lots of differences in need and use and common practice. If you want to make the users more efficient at doing their work then you need the system to be tailored to their need not imposed on them from above.

The more complex flaw is that they criticise the departments for not communicating without recognising the additional cost and complexity introduced by requiring departments to communicate with each other! Failure to communicate is a cheap argument that is almost guaranteed to be accepted as grounds for criticism. But communication takes time and we almost universally suffer from too many meetings and not enough doing.

Friday 18 March 2011

Government IT projects and managing risk

I’ve been trying to watch / listen to the witness sessions of the Commons Select Committee on the “Use of IT” that have been taking place over the last two weeks. The strongest theme that I detect in these sessions is the bemusement that past governments and past projects have failed to address the issues.

One word that keeps on coming up in the discussions is ‘agile’. As always there are many explanations of what it is and I can’t help but feel that none of the explanations seem to provide the select committee with the eureka moment that people need to understand what it means and why it is different from the status quo. I wonder whether an explanation in terms of the management of risk might help a little.

Agile project management and the management of risk

For the sake of understanding what agile means, particularly from the perspective of management and strategy, let’s consider IT projects and the management of risk.

There is a strong tradition in some areas of management that says that management is about control. In other words, a well managed project is a project that is well defined, fully costed and running to plan. If a project fails, then the response is that the project was not controlled enough; it was not properly defined at the beginning; it was not properly monitored throughout; it was poorly costed and lacked strong management.

This view of management has been the driving force for many standards and methodologies that government has adopted over the years to keep projects in check and ‘ensure value for money’. But as we all know, history shows that, in a lot of cases, this simply hasn’t worked.

In reality, so called government ‘IT projects’ are often massive ‘change projects with an IT element’. These projects are massively complex and inherently highly risky. Just like risk in the financial markets that risk can be managed, but however it is packaged up and hidden away it will not go away.

Let’s take this analogy of financial investment a little further. Imagine that you are given some money to invest in equity in an area of the market that is highly risky but has the prospect of significant returns. Do you:

  1. Invest all you money in one company, locking yourself into an agreement that prevents you from selling your investment for five years; or

  2. Spread your risk across a number of companies, ensuring that you can sell your investment at any time and re-invest it somewhere else if the market changes or you realise that you made the wrong decision in the first place.

Now, imagine that, for some bizarre reason, you take the first option and you invest everything in one company. Would you reduce your risk if you took two years to decide which company to invest in and you ask each company to set aside a considerable period of time and resource in making detailed projections of where the company would be in five years time?

Okay, I hope it’s clear to see that this analogy bears remarkable resemblance to the traditional government approach to contracting out IT projects. I also hope it is clear that, when seen as a task of managing risk, the second option is clearly the way to go.

The second option is, in effect, the ‘agile’ approach. You diversify your risk and you reduce your risk by simplifying a big problem into a large number of smaller problems. You push against those who say that a project is inherently large and find ways of building a small working part of it very quickly. You push against those who say that everything needs to be produced by one company or team and use existing open standards as a way of guaranteeing interoperability. In this way you prevent ‘lock-in’, you open up projects to a much larger number of smaller development teams, and you encourage cooperation, experimentation and innovation.


I hope, for a few people, this explanation might help to bring a better understanding of some of the problems of government IT projects and why an open and ‘iterative’ (under whatever name) approach is crucial if government is to manage its risks and deliver the real potent for a huge return.

Friday 11 March 2011

Written evidence to the Commons Select Committee on the Use of IT

A number of recent articles have drawn my attention to the Commons Select Committee on the “Use of IT” which apparently started an inquiry today, but then again the web site said that yesterday too!

I’ve always had a very keen interest in the effective use of technology in the public sector, so I couldn’t help take a look at the subjects it was looking into and the written evidence it has received. Unfortunately, so far (and I’m only on page 15!), the evidence seems to reinforce the reasons why successive Governments seem to be so fundamentally unable to use IT effectively. The reason I say this, is that the evidence I have read so far demonstrates the massive diversity and contradictory nature of the advice they receive.

In this first blog on the subject I’ll touch on the suitability of management and delegation out of the public sector. I’m fairly sure there will be more posts to come on this who subject!

Suitable management

One theme that is already coming through in the first 5 submissions is the theme of control. Are the management suitably qualified to manage the projects:

Management of the Public bodies is at all levels recruited mostly from non-IT backgrounds. Typically the managers possess long experience of the needs of the Organisation, but not of the issues raised by the development of an IT system. This leads them to make errors of judgement on IT policy.

I think the background of the management is probably a bit of a red herring, but it is absolutely true that a manager of an IT project must posses the skills and knowledge to be able to manage the project and take control. A common characteristic of management of failing IT projects is the complete reliance they have on the guidance and work of staff and consultants below them. The best manager of an IT project is the manager who can, if she needs to, listen and talk knowledgeably and meaningfully with the ‘shop floor’ IT staff doing the work and with ‘shop floor’ public sector staff who trying to use it. This is not about a public relations exercise of having top management ‘come down and talk to the workers’ this is fundamentally about whether the manager in charge has the knowledge to understand the problem and talk the language of the people who are implementing it both on the side of the technology and on the side of operations and change management.

Delegation

Closely related to this issue of management is the issue of where you place responsibility.

There are many politically motivated reasons for deciding whether public projects should be carried out within government or in the private sector or even in the voluntary sector. However, ultimately whilst this can have a significant impact on the way in which the work is carried, it doesn’t address the fundamental issues of why IT projects succeed or fail.

This quote from one of the submissions is a perfect example of this misunderstanding:

Government already has a model for a highly successful, cost free, technology implementation that has reached 80% of the UK population. It is the National Lottery. The technology is complex, secure and costly. It cost the taxpayer nothing because government intelligently pulled the levers that shaped an opportunity the private sector would fund.

Here the success of this project is attributed to the government distancing itself both managerially and financially from the risks of implementing an IT project. But in reality this project possess very few of the fundamentally difficult characteristics which government normally has to deal with in IT projects:

  1. This was nothing new. The UK was implementing a National Lottery on the heals of many other nations who had done this before. There are few areas of public sector IT which fit so neatly

  2. This was a perfect example of the large scale delivery of a standardised product. The National Lottery was not an IT project to modernise hundreds if not thousands of previous lotteries scattered around the country and carried out in their own unique ways in circumstances which were also very different regionally. The National Lottery was a blank sheet of paper with the opportunity to implement the best, cheapest, most effective solution and to effectively impose it consistently across the country.

  3. The requirements were relatively easy to define. Ongoing success was easy to measure. Ongoing success and incentives were aligned with ongoing government requirements.

In short, the current government may well have it’s own political view on who should carry out IT projects, but this decision should not be confused with the real issues of making projects work. If the government decides to pass responsibility to the private sector or even the voluntary (should we call it ‘open source’) sector, it will nevertheless remain responsible for the end result. Ultimately the Government must either take control or loose control.

 
Google Analytics Alternative