Source · Select Committees · Public Accounts Committee
Recommendation 5
5
HMRC has spent too much of its IT budget on patching up legacy systems rather...
Conclusion
HMRC has spent too much of its IT budget on patching up legacy systems rather than modernising them. The COVID-19 pandemic has shown the importance of an effective tax administration system. There is a strong case for investment in a modern IT system. Of the additional costs incurred by HMRC as a consequence of the pandemic, the largest element, as of 11 September 2020, was the cost of IT at £53.2 million (80%). HMRC says that it has made some progress in its ambitious digital transformation but is looking for opportunities to reduce the risks facing its IT systems so that they are kept up to date and safe from cyber-attacks and HMRC performance 2019–20 7 catastrophic losses. The Department accepts it should redress the balance between spending too much on legacy systems and not enough on investing for the future. Since we took evidence, HMRC secured £268 million in the November 2020 Spending Review to fix its outdated IT, to ensure its core systems are secure and support better administration. It remains to be seen whether this is sufficient to urgently address the long-standing issues the Department has identified. Recommendation: HMRC should write to us, by the end of March 2021, setting out what it is doing, and has planned, to refocus IT investment on modernisation for the future, while retaining resilience, so it can move on from the need to simply keep patching up legacy systems.
Government Response
Acknowledged
HM Government
Acknowledged
5.1 The government agrees with the Committee’s recommendation. Recommendation implemented 5.2 The department has been addressing its legacy technical debt since 2019 and received funding of £268 million at the 2020 Spending Review to continue the work to improve the agility, resilience and security of its IT estate. The estate comprises over 6,000 servers and over 550 associated IT systems so is an extremely complex and inter-dependent one. The plan to tackle legacy technical debt has focused on a number of areas: • Rationalise/Streamline: Rationalising the department’s IT estate – to date 20% of the department’s total services have been de-commissioned or retired; • Remediate: Addressing high priority technical debt to replace out of support and old components, so that the core system security is enhanced, together with strengthening perimeter controls protecting the department’s IT systems. The department has spent £36.3 million on this activity in Financial Year 20-21; • Migrate: The next step in this programme of work is to migrate these systems to the Cloud. Hosting savings will be delivered, thus reducing baseline IT spend. These systems can then be further transformed as part of full service transformation (multiple IT systems grouped together form a service such as Personal Tax or VAT), which is agreed industry-standard practice; and • Transform: Focusing on defining and consolidating system delivery centred around strategic components, reducing operating cost and concentrating management activities around a reduced set of components which support HMRC operations. This both reduces the operating cost and the security attack surface area, which helps HMRC defend its systems. 5.3 The ODP details the plans on how the department is remediating technical debt and the work HMRC have done to develop core foundational structure elements for HMRC.