About the organization
As the government department responsible for running the
Established as an independent department in May 2007, so that the Home Office could focus on terrorism, security and immigration, the MoJ had a staff of 77,000 in 2007-08 and a total budget of £8.8 billion.
As well as back-office systems, the IT operation extends to almost 595 court houses, 139 prisons and 42 local probation areas, with an emphasis on providing cross-department and, increasingly, multi-agency integration.
The new head of that IT organisation is Andrew Gay, a veteran chief executive and chairman of major businesses and a passionate speaker on IT project management and long-term infrastructure planning and implementation, having developed several management tools, including ‘The Jugular Principle’ and ‘The 11 O’Clock Rule’. Although only five months in the CIO’s job, Gay knows the MoJ agenda well, having been an independent director of the National Offender Management Service since July 2006, the umbrella organisation that oversees the prison and probation services. He talks to Information Age about the government’s record on IT projects, the challenges for the MoJ and the pressing need for evolve the business/IT relationship.
Information Age: In the past years, government IT project failings have made the headlines on an almost daily basis. Even today, The Times is claiming that government IT projects have a total current cost overrun of £18 billion. What’s your take on this ongoing issue?
Andrew Gay: The main criticism appears to be that we are hopelessly optimistic in government over how much it costs to deliver these schemes, mainly because if you said what they actually were going to cost they wouldn’t get the go-ahead.
IA: Is that a valid accusation or would you dispute it?
AG: Historically, I think there has been a reluctance in government to look at processes in a rather more fundamental way, and therefore [departments] have bought commercial off-the-shelf products and spent a huge amount trying to adjust them to their processes, which has certainly cost a lot of money.
A lot of that has been because there has been a dislocation between the [department] and the businesses that actually deliver services to the public.
In our own example, we deal with the prisons and have to run ‘a hotel service’ with 80,000 beds, fully occupied and jammed solid, as well as feed and clothe [prisoners] and provide security services to stop any escapes. To do that requires a vast knowledge of how prisons work and how prisoners function and what records are required, and there seems to have been not enough business engagement in many of those things. So [to try to bridge that] you get scope creep.
It doesn’t really matter what type of project it is, whether IT or anything else. It’s a question of not nailing down the functionality you actually need, and that has been one of the principal faults with government IT spend. If you are going to deliver an IT project vaguely near budget, it would be far better to spend a huge amount of time working out exactly what you were trying to do with that programme rather than drift into it.
IA: Is that any different to the project management problems faced by the private sector?
AG: I’m not a dyed-in-the-wool civil servant, I’m a private sector person. Somebody said that government IT is: ‘Ready, ready, ready, aim, aim, aim, cock the gun, then consider firing’. That isn’t what I think the problem is. I think the problem is how the same person described the private sector: ‘Ready, fire, aim’. The [criticism] was that we only work out our objectives later on. The government does not have a particular monopoly on failed IT projects – the only thing is that they are much higher profile.
IA: Do you think the government faces additional pressures that the private sector doesn’t have to worry about so much?
AG: I think with the bigger programmes the problems are very similar, and the failures very similar. If you look at the lessons learned, then a key factor is rushing into things – either driven by the supplier or CIO being anxious to proceed, or a government department anxious for information. Therefore, we go for heroic programmes where we haven’t worked out exactly what we want to do. So there are disappointments. I think it’s the same in the private sector. It’s just not as public.
IA: What strategies have you implemented at the MoJ to establish clear and deliverable targets?
AG: Remember I’m in my fifth month here, so let’s not get too carried away over what’s been achieved.
I think there has been a huge increase in genuine business engagement: when you are a service department in government, quite often there‘s a problem with not being able to say ‘no, we can’t achieve that date’ [for a project] particularly when ministerial promises are being made.
There have also been a number of initiatives that we have had across both court and prisons to improve core processing and reduce re-offending. It really needs good information: if a self-harmer for example comes into prison and his records don’t arrive with him, or there’s a racist, or somebody who has definite mental problems; if the records aren’t up to date and with them, and they haven’t had the right assessments done, then you can’t blame the people processing them for sticking the person in the wrong cell or leaving them without supervision when they might self-harm. Any time something like that happens the system gets highly criticised.
All the reports demand greater information. So there have been numerous initiatives to join up information and allow easy access – but it isn’t simple when you’re dealing with different platforms. There’ve been too many initiatives, so we’re trying to rationalise and go for a more simple process.
We want to make sure we understand what the probation officer, the prison officer, the court official – all those people who are our customers – need to do their jobs in a more efficient way. If we worry about them more, concentrate on the objectives, we will still have programmes that overrun and everything else because of unknowns, but the fact is we’ll get a hell of a sight better if we spend a lot more time interfacing with our customers.
One thing of significance I’ve done since I’ve been here, other than build morale, is to help develop a much better relationship with our customers. We can have a dialogue, and that dialogue means sometimes saying, “No you can’t [have that], it’s too difficult”, rather than trying to please and then failing.
IA: In the world of project management, you’re credited with having developed ‘The Jugular Principle’ and ‘The 11 O’Clock Rule’. Can you elaborate?
AG: The Jugular Principle says that, in general, there are no more than five and no less than three critical issues in any project on which it will rise or fall. For example, it’s easy to say that if you’re going into a leveraged hosting environment you’re going to have to move 500 different apps into that new environment. But if you actually look at it, there are only two or three apps that are mission critical. If you haven’t identified which applications are mission critical, one finds that the tail wags the dog.
What you trying to do? Work out where the prisoners are, or have all the other information about them available all the time? The same thing goes for the police systems: 42 or 43 different police authorities and they’re all based on different IT platforms. It took a long time [for them] to get a compliant database that they could actually use. They found that if you tried to set up a completely accessible database, the complications were huge. All they really wanted to know was basic information, not give everybody access to everything.
So The Jugular Principle says work out what is the bite-sized chunk you can digest and what is absolutely critical. It might be that business engagement is critical, or time is critical, such as if [a minister] has made an undertaking to the public. It may be that legacy failing is an issue. Whatever it is, identify it early on. There’s never less than three or more than five issues on which you should base your entire project plan.
IA: And The 11 O’Clock Rule?
AG: If everybody understands what the objective is, and the right resources are in place, then it’s just amazing what people can do. But they’ve got to understand what the target is, it has to be realistic, it’s got to be communicated, and the proper resources – cash, money, people or whatever – must be available. Then it’s unbelievable how much can be achieved. If you break down any of those issues: you don’t have enough time, cash or enough of the right kind of people, then any project will fail.
Looking at it simplistically, if everybody knows exactly what the use of a room is going to be, exactly what size it is, they know what materials are required for it, and the right calibre of workmen are there, and they do the proper planning, then The 11 O’Clock Rule says you will do the normal eight hours of work in four hours.
The Channel Tunnel and the Jubilee Line are two great infrastructure projects, [even though] both fell way behind schedule. But the tunnels weren’t late, it was making them into a working railway in both cases [that delayed the projects]. The guys digging the tunnel knew how far they had to go every single day to meet their target. If they went 17 metres when they needed to go 18, they knew they had to make it up the following day. If everything is there, all resources available on time, then you will finish at 11 o’clock rather than at the eleventh hour.
IA: But isn’t having those three things – time, cash and people – the project management Holy Grail?
AG: In general, I would say project management in IT is quite a new technique. Most people are rushed, contractors come in probably too late, and if you don’t have the resources available of the right calibre, things start moving off programme fairly quickly, particularly if you’re trying to deliver things heroically.
Civil servants are actually quite heroic people, they do actually take on things that are very, very difficult. Rules come into it too, because within government you can’t bend any. It’s quite difficult, because there are always so many procedures to go through.
IA: What would you say are the key challenges facing the MoJ’s IT department in 2009?
AG: I think, at the moment, it’s a very devolved federation: really a number of IT departments which are under functional control from the centre, but not direct control. I’m not suggesting we should change that, because the businesses are so varied they need to manage their own projects, and accountability lies within them. But there’s a whole range of areas in which we can share resources, and that’s the only way we’re going to get sensible savings.
The second challenge, and I think it’s common across government, is that in the present economic climate we have [a responsibility] to at least keep or improve our existing services and avoid any unnecessary wasted project costs. Our business is telling us ‘make what we’ve got work’, and we do have applications that are clunky, and old technology that could be re-platformed and made faster. And if we deliver those quick wins for our customers, then that will lead to a much better relationship with [them]. The general feeling is that we are spending too much of our money on new initiatives, and that it would be much better if we could just make what we’ve got work better, rather than going off on some evangelical move towards new technology.
The third challenge is definitely personal data protection. In general, the security of personal data is a serious issue for the government. It is very complicated to manage, although I think government is doing as good a job as any in the private sector at the moment. Most of the high-profile incidents have all [involved] somebody doing something they shouldn’t have done, against all policy, and which has nothing to do with the IT setup and is rather how people have managed it or broken the rules. In general, I think the strategy from government is pretty good now.
IA: Have you implemented any particular security initiatives during your five months?
AG: The MoJ has, yes. You start by looking where the weak points are: either in the way data is handled between departments, or in protecting access to printing and that sort of stuff. I think that this ministry is as good as any other in moving things forward quickly. It has a subset of its main board that looks at information on a regular basis, and does not view [data protection] as an IT problem but rather as a management process.
We are [also] doing culture training all over the whole ministry to make sure people understand: from the judge who wants to look at evidence on the train, to the unmanned monitor in court somebody might get access to and use to record evidence details.
There is also the personal control of data: who owns it, who is entitled to sign off the protocol for it to move somewhere else… almost treating it like cash or a nuclear asset: “If you want my data I’ll let you have it, but these are the rules that will apply to it.”
It’s a major issue, but it can’t be allowed to reduce the front-line practitioner’s ability to get the right information at the right time. The drive is actually to share data much more.