Source · Select Committees · Public Accounts Committee
Recommendation 9
9
Departments typically do not have a good understanding of their IT estate, legacy systems are...
Conclusion
Departments typically do not have a good understanding of their IT estate, legacy systems are often poorly understood because of their age, and replacing these systems 10 Q 7 11 Dr Jerry Fishenden, Professor Mark Thompson and Assistant Professor Will Venters submission page 2 12 Qq 13–14 13 Qq 27, 7 14 Chair opening statement 15 Q 1 16 C&AG’s Report, para 2.15 17 Committee of Public Accounts, Digital Services at the Border, Forty-Eighth Report of Session 2019–21, HC 936, 12 March 2021; Committee of Public Accounts, e-Borders and successor programmes, Twenty-seventh Report of Session 2015–16, HC 643, 4 March 2016; Committee of Public Accounts, The National Law Enforcement Data Programme, Twenty-Ninth Report of Session 2021–22, HC 638, 8 December 2021 18 Q 1 19 C&AG’s Report, para 2.17 20 C&AG’s Report, paras 2.25–2.16 21 Q 39 22 Q 40 23 C&AG’s Report, para 8h 10 Challenges in implementing digital change carries risk.24 We asked the Cabinet Office if anyone has a clear picture as to what major legacy systems exist across government. The Cabinet Office told us that it has recently started to try and build-up this overall picture and that departments are getting more detailed in their understanding. However, it acknowledged there is not yet a clear on- going process for assessing and understanding cross-government legacy risk. The Cabinet Office is piloting a simple, risk-based model with three departments that it hopes will provide this dynamic view of legacy IT across government and enable conversations about funding with HM Treasury. This process is due be rolled out more widely in 2022.25 Missed opportunities for transformation
Government Response
Not Addressed
HM Government
Not Addressed
2: PAC conclusion: There is no clear plan to replace or modernise legacy systems and data that are critical to service provision but are often old, unsupportable, vulnerable and a constraint on transformation. 2: PAC recommendation: At the start of 2022 the CDDO should work with departments to map legacy systems across government to document what is there, why it exists and how critical it is. By the end of 2022 the CDDO should use this to produce a pipeline of legacy systems they have prioritised with milestones for action. This pipeline should be shared with the Committee. 2.1 The government agrees with the Committee’s recommendation. Target implementation date: end of December 2022 2.2 At the 2021 Spending Review, CDDO worked closely with HM Treasury to provide spend teams with expert input and advice on the prioritisation of Digital, Data and Technology (DDaT) spending bids submitted by departments, considering the particular challenges and investment needs being faced by departments. As a result, the government has committed to invest £2.6 billion in cyber and legacy IT over the Spending Review 2021 period. Building on this, CDDO is now working with departments to establish a common methodology for identifying and prioritising legacy risk. CDDO aims to implement this across ministerial departments by the end of 2022. 2.3 CDDO will work with departments to agree remediation plans to address key risks and to reduce overall government exposure to legacy systems. Departments’ progress in delivering these plans will be monitored through regular Quarterly Business Reviews jointly chaired by CDDO and HM Treasury.