Select Committee on Public Accounts Minutes of Evidence

Examination of Witnesses (Questions 40 - 59)



  40.  From the report it is quite difficult to work out who was most incompetent: Pathway, who were unable to deliver, who were never going to be able to deliver, the Department who were signing up to a contract that in my view had more holes than a sieve, and that has clearly shown how—I do not like the word "incompetent", I should use another word—problems have arisen. If you look at page 58, paragraph 3.19, for a start, the CAPS programme was going along with the scheme and it was very important that the CAPS scheme worked but that had failed already. This had actually failed by 1997 as well and yet nobody had picked it up.
  (Ms Lomax) The CAPS scheme involved making changes which went right across the benefits system and that turned out to be more complicated than people had appreciated to start off with. After the February 1997 replan CAPS delivered again to all its timescales and it has actually been a great success, it is not a failure.

  41.  It had been a failure up until then because it clearly states in the report at 3.19: "It is clear that the risks of late delivery of CAPS were not well managed prior to the replan of the whole CAPS and Payment Card programme..." etc., and people were not being informed, Pathway were not being informed, the Post Office were not being informed, so they were going on their merry way with this doomed project and about this CAPS, which was so important to the project itself, nobody was actually telling them.
  (Mr McCorkell) I think leading up to 1996 the CAPS programme was running behind schedule to deliver to the then contracted timetable. That was identified and a major review took place and major actions were taken, which I think are mentioned in the report, to put the CAPS programme back on line. So CAPS, as well as the other two parties, in 1996 recognised that we could not meet the original timescale defined. We then undertook very significant action to bring that back on line, and hence agreed the replan for February 1997.

  42.  I am not wanting to be political or anything like that, I try not to be, but one has got to see the chronology of all this. Did the Government that came in at the time have the unenviable task of basically clearing up what was a shambles?
  (Ms Lomax) I think they inherited a very difficult project and it took a long time to get it on track.

  Mr Steinberg: The Post Office have got away with murder because I wanted to get on to them next but I have not got the time.

Mr Williams

  43.  Permanent Secretary, we have been told a partial explanation of why we are where we are, that it was a pioneering project, which I assume you would agree with?
  (Ms Lomax) Yes.

  44.  It was a large project with up to one billion pounds worth of payments that Pathway had identified, that is agreed. It was a complex project, that is also agreed. In that case, when the risk analysis was being carried out, why was it that the risk of inadequate project management methods, the risk of inadequate planning and the risk of inadequate risk management were not even identified as risks? They were not identified in 1995 and they were not identified in March 1996. Now we find in April 1998 that they were high probability risks with high impact expectations. How on earth could whoever drew up the risk register not have taken that into account, the fact that dealing with something so large, so complex, meant that management itself was a risk?
  (Ms Lomax) I am surprised at what you say and I am wondering what it is based on.

  45.  If you look at page 90, Appendix 7, item 15 at the bottom of the page, there is a description of risk and there was no entry in September 1995 and in march 1996 it says "not identified" and then if you move to the final column it had been recognised by April 1997 and in 1997-98 it was regarded as high risk under both headings.
  (Ms Lomax) These are the purchasers' risk assessment of Pathway's proposals and Pathway's own risk registers did not mention inadequate project management methods, planning and risk management. I do not know.

  46.  Who drew up this list? How was it devised? Who was responsible for that? Was it the Department? Would they be the people solely responsible?
  (Ms Lomax) This was the joint procurement authority presumably that drew up the list.

  47. So who is putting hands up and saying "we were party to this"?
  (Ms Lomax) The DSS and the Post Office. This was a joint procurement, part of which—

  48.  And neither of you recognised the possibility that management and risk management could possibly be worth listing as risk factors? I find that astonishing.
  (Mr McCorkell) What we are looking at here, and the point you are making, is the stage before the procurement and the difference in the stage up to the procurement. During the procurement these would have been identified as risks but may not have been identified as major risks given at that time the appreciation of the real scale and complexity of what we were trying to do and the difficulties that we were facing under the PFI methods of development were not recognised. What is shown here is that following procurement, when we tried to deliver this, the risk management methodology immediately started to spot these as significant risks because we now realised the scale of what we were attempting and realised the restrictions under the contract under which we had to develop it. So they became highlighted risks. I think this is showing that risk management after procurement picked up these issues. Before the procurement, part of the misunderstanding of how a PFI contract would work did not highlight these as major risks.

  49.  Looking at this table it is a devastating indictment. Just look down the column for March 1996 for all the items there "cleared, cleared, cleared, cleared, cleared, cleared, not identified". The security requirements were seen as a medium risk in 1996 and yet by April 1998 had become a very high risk. Surely you should have started off with that as being one of the highest risk problems, should you not?
  (Mr McCorkell) I think it is the nature of risk management that risks (a) can arise later in the process, (b) increase later in the process, and (c) some risks which you may take off your register, in fact it is part of our methodology that we keep reviewing them, may well come back on the register. Again, we are looking here at a procurement phase and development and implementation phase.

  50.  You are managers, you are not low level managers, you are top level managers, you are being paid high salaries, and one would have thought when it comes to identifying risk you would want to ensure that you have some sort of consensus on what both parties were contracting for. Pathway have a legitimate complaint to my mind because you asked them to share the risks but you did not tell them what you thought the risks were.
  (Mr McCorkell) If I can try to explain just a little bit further. The security risk is—

  51.  That is just one of them, I am talking about all of them.
  (Mr McCorkell) The security risk was identified as a risk during the procurement process. There was a proposal to meet that risk. There was high level definition of the extended verification process. That was acceptable to the procurement process, we believed that would work and, therefore, that was down to medium risk. When we started to develop the detail, as Mr Oppenheim pointed out earlier, that became much more difficult because of the interaction between the three parties and, therefore, because it was absolutely vital to our system it went straight back up the risk register and became a high risk and would remain a high risk until it was fully developed and delivered.

  52.  I just cannot understand, rather than try to work on the basis of collective wisdom and collective experience, something that is pioneering, and, therefore, pooling your knowledge and pooling your thoughts, the Post Office or the purchasers made, according to Pathway, top of the final two columns that neither of these risks registered were shared or discussed formally with them. Surely that is crazy, it is lunatic? Did anyone resign?
  (Mr Roberts) That was at the time exactly the way PFI was expected to operate and we were being—

  53.  When you say, "was expected to operate", if it is intended to be a pioneering method a pioneering project, you have to pioneer the method of operation. On something of £1 billion it would seem to me that pooling ideas on risk was sheer common sense, not postdated common sense.
  (Mr Roberts) I would absolutely agree with you. Q: Then why did you not do it? Roberts: Because it was not what we were told to do at the time.

  54.  Do you not have any initiative? What are you paid for?
  (Ms Lomax) Can I introduce some things in here? The point that Mr Roberts is making is that the PFI was all about transferring risks to the people who were best designed to manage them, and in the thinking about PFI it was very much, "You do your thing; we will do our thing". Nevertheless, informally, there was a great deal of discussion about risks during this project, a great deal of discussion. Risks were regularly discussed at project boards and steering committees, and all the rest of it. The difference from our approach to risk at the moment is that sharing of risks registered now would be formally written into the contract. We would have a much more open process mandated under the contract.

  55.  That sounds much more rational, but it is not what you signed up to. You signed up to this Report. The heading says, "Pathway told the NAO that neither of these registers were shared nor discussed formally with them". You are just trying to give the idea that there was a meaningful interchange. Let us ask Pathway, do you feel that there was a meaningful exchange at an informal level?
  (Mr Oppenheim) We would have preferred a more joined-up approach, which is certainly what will happen now. The problem was one of silos as I think you are alluding to. The notion was that we could operate in our respective silos and deal at the boundary. In actual fact, with such a complex end-to-end system, which involves processes right through from one end to the other and back again, that does not work.

  56.  It is small wonder that IBM dropped out and the other company. You cannot blame them. You were very lucky to get anyone who was daft enough to enter into an agreement with you on the basis that you will not tell them what is at risk when you, the Department, and you, the Post Office, are the people who know what is needed and what the operational risks are. How crazy.
  (Ms Lomax) People have doubts about PFI as the framework for doing development work for IT.

  57.  You have doubts about it still?
  (Ms Lomax) We have needed to reinterpret what PFI means as applied to IT projects quite substantially. That is what all of these reviews and reports you have been doing, the new guidance is about. What we are doing for our current modernisation projects, such as Child Support reform, is a very difficult subject.

  58.  As you did not share risk, let us share blame. How much of the responsibility for the mess we find here rests with the Department and how much with the Post Office? Then you can each tell me who resigned in each as a result of it. Let us start with the Department. What is your view of this situation?
  (Ms Lomax) Speaking as somebody who was not in the Department when this went on, I have looked at it very thoroughly in preparation for this hearing, as well as earlier, and I think the Department actually tried very hard to manage a very difficult contract, and manage an over-ambitious project within a very difficult contractual framework really quite well. Far from sacking people involved, many of the people involved are our most experienced programme and project managers, on whom we would depend to deliver projects in the future.

  59.  You managed it quite well, but when the contract was signed it was intended to have a trial within ten months of the full system, and three years later no such trial had ever taken place. That does not look well-managed. Let us hear your view of why your organisation did so well?
  (Mr Roberts) I have a very similar reaction to Rachel Lomax.

previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2001
Prepared 11 July 2001