Recommendation 25

In December 2021, we examined challenges in implementing digital change. We concluded that there was no clear plan to replace or modernise legacy systems and data that were critical to service provision but were often old, unsupportable, vulnerable and a constraint on transformation. We recommended that CDDO should work with departments to map legacy systems across government to document what is there, why it exists and how critical it is. We recommended that, by the end of 2022, the CDDO should use this to produce a pipeline of prioritised legacy systems with milestones for action.54 The government agreed with our recommendation, and in response told us that CDDO was working with departments to establish a common methodology for identifying and prioritising legacy risk, which it aimed to implement across departments by the end of 2022.55 CDDO told us that, it was making progress with departments to identify and understand the risks and to help departments mitigate them.56 It explained that it had developed a framework and tested it with six departments including Defra, which covered 105 systems, and highlighted those which needed immediate work. It intended to use the framework with the remaining departments by the end of 2023, and to refresh it annually. 49 Qq 46, 63 50 Q 30; C&AG’s Report, para 12 51 Q 72 52 Qq 68, 72 53 Q 43 54 Committee of Public Accounts, Thirtieth Report of Session 2021–22, Challenges in implementing digital change, HC 637, 10 December 2021 55 HM Treasury, Treasury Minutes: Government response to the Committee of Public Accounts on the Twenty- Seventh to the Thirty-First reports from Session 2021–22, CP 631, February 2022 56 Q 41; HM Treasury, Treasury Minutes: Government response to the Committee of Public Accounts on the Twenty- Seventh to the Thirty-First reports from Session 2021–22, CP 631, February 2022 Tackling Defra’s ageing digital services 17 It told us that it expected that this work would give it a good sense of where the risks we