Colour code sends clear signals on Gateway progress

The six-step Gateway review process, which monitors the key stages of implementing government IT projects, is managed by Whitehall's buying agency the Office of Government Commerce (OGC).

The executive director of the Gateway programme, Ian Glenday, talked exclusively to Computing about the impact of the agency's work and the case against legislation to enforce best practice.

The question of legislation to enforce best practice in government IT programmes has re-surfaced recently. Is this a view you would support?

There are two slightly different issues here. One is best practice legislation, and the other is the public availability of Gateway reports.

The Gateway part of the question starts with the fact that things are improving and the way government's largest and most mission critical projects are handled is better now than two or three years ago, before the review system was developed.

A lot of the stuff the Commons Work and Pensions sub-committee [currently looking into the administration of IT projects] is seeing is about projects whose inception is quite deeply routed in history so they haven't had the opportunity to have today's best practice involved since the start. The projects the committee is often talking about - the Criminal Records Bureau, the Child Support Agency, Tax Credits - all pre-dated Gateway Reviews by a significant margin. Their inception was a long time ago - certainly before OGC even existed - and the whole issue about Gateways is they are important reviews that are started very early on, not when the project is nearly finished.

Should Gateway reports be made public?

When we started Gateway Reviews no one prevented us from publishing all the reports. It was a choice we made based on what would be most effective in improving project delivery.

Our recommendation from the start has been we would get better results by giving the reports only to the government's Senior Responsible Owner (SRO) for the project. At the moment the SRO gets a copy of the report, and what happens to it after that is up to them. So if anyone is going to pass it on to the department's permanent secretary, for example, it would be the SRO. That act of trust has been very important to us.

Reports don't just sit with SRO's privately, but they own how they can be used. They are free to make it public but the OGC would recommend they didn't because it changes the way people give evidence to the Review teams and the way the team leader writes the report. The reports are for internal distribution, punchy and to the point. They are done very fast, in four or five days, in order to be useful in real time. If the reports were to be published, they would take longer to write and longer to clear so they would lose that promptness.

These reports are not 'personal' - they are used by the National Audit Office (NAO). Virtually every relevant NAO report has an appendix that gives clear details of what the Gateway Reviews said. The difference is they are doing these a year or so down the road.

The question of government accountability is often raised in this context.

The government has to be accountable and they are, through the NAO. They are handled by the NAO slightly further down the road, but that doesn't mean people aren't accountable. A year after Gateway Reviews started we wanted to improve accountability so the red/amber/green grading colours were introduced because people said they wanted to be absolutely clear what the state of the project is. That voluntary addition by the government was encouraging because it doesn't allow people to write a 'mandarin' report, open to interpretation.

The red/amber/green grading is something the owner of the report reports to the permanent secretary, so it's not secret. A red review doesn't mean 'stop', it means if you are not prepared to take action quickly the project is in danger of failing. The SRO will then either decide to carry on and carry out the recommendations, or to stop the project. There have been many occasions where projects have been stopped by departments because of what Gateway teams have said, particularly at the early 'business case' stage.

Does the OGC need more clout in terms of the implementation of Gateway recommendations?

When we introduced the red/amber/green scheme, the government department got more power to recognise its own situation so we think that was in itself a substantial move forward in terms of giving the OGC more clout. It pushes up the pressure on people to perform because you can't misinterpret 'red' and it increases the embarrassment of going to a select committee in two years time to say you got a red report and ignored the recommendations.

Within the department, if something gets a red it does get the permanent secretary to pay attention and if it gets two in succession they would pick up on the specific problem. So it would not get to a situation where a project got repeated reds and the permanent secretary didn't know.

I am asked the question often about whether Gateways need more clout and I honestly think if I asked we would get it, but we haven't asked since we introduced the red/amber/green scheme because we haven't felt we needed it.

All our work in helping departments set up good programme management teams and Centres of Excellence and so on is designed to put in place the infrastructure for them to deal with these situations within the department. There are three different timescales - Gateways are immediate, but then there are also Centres of Excellence set up within departments to embed best practice, and the re-skilling programme to roll out skills to make departments more self-sufficient.

Do you think best practice should be enforced by legislation?

I find it difficult to know what is intended by legislation and I'm not sure what shape the law would take.

The word mandatory already applies. Departmental Centres of Excellence are mandatory. Gateway Reviews are mandatory across central civil government and agencies. I can guarantee that today there are no mission critical central government projects that aren't gated. What would you achieve with legislation making something else mandatory as well? Not a lot.

The pressures that are being build into the system now are already showing results. There is no doubt things are improving, but we would like to finish what we have started with Gateway Reviews and Centres of Excellence and not get sidelined into something quite different. The OGC has had a profound effect in embedding best practice that was not dreamed of four years ago. That is not even fully in place yet and we need to be sure of that before we move on to new areas.

It is not as if government is not doing anything and needs legislation to force it into action. As an independent observer, I am impressed by how much departments are doing and I'm not sure what else we would like them to do.

Statutory instruments already exist in the NAO's right to investigate. There are no deep, dark secrets, it is just about appropriate timescales and handling things in a way that has the best results.

What are Gateway Reviews?

Gateways are carried out by independent teams of practitioners at key decision points in new government procurement programmes.

Gateway 0: strategic assessment

Gateway 1: business justification

Gateway 2: procurement strategy

Gateway 3: investment decision

Gateway 4: readiness for service

Gateway 5: benefits evaluation