Richard Digard: P&R can’t have it both ways

Without wishing to be alarmist, each and every one of us reliant in any way on digital services provided by the States of Guernsey has been exposed without our knowledge or consent to a ticking time bomb of island-wide proportions.

The reason, as you may have guessed from use of ‘digital’, is the rather brutal dismissal of Agilisys and the near overnight sacking of around 80 people directly employed, in an IT sense, to keep the lights on.

Oh, and terminating Agilisys like this ‘for reasons relating to [its] performance of the contract’ also exposes you as a taxpayer to as yet unknown potential litigation costs and, from one estimate I’ve heard, to a London barrister’s bill of £1-1.5m. for advice on ending the contract.

This is all deeply troubling. And it raises two questions – was axing Agilisys the right thing to do? And has it been done in the right way?

Apologies in advance, for this is quite involved and we’re in wet towels and strong coffee territory but the announcement on Friday 23 May rather drives a dagger through the oft-repeated States of Guernsey mantra of transparent and evidence-based decision-making.

First up, what is a screaming affront to due process, and ought to be setting all non-Policy & Resources deputies’ teeth on edge, has nothing at all to do with whether Agilisys deserved to be sacked or not.

Instead, it hinges on whether you can believe what government tells you and its ability to set policy and manage strategic implementation.

To explain simply. The States adopted years of research, meticulous planning, a tender process, a Billet d’Etat report, a full debate in the Assembly and general endorsement of having a single IT provider as best way of managing the island’s very complex and inter-dependent systems.

Then suddenly, six years into a 10-year contract, that decision is so bad it has to be terminated with the risks I outlined earlier and justifies a U-turn, opting instead for a multi-vendor model.

Remember, adopting a single IT provider was subject to extensive public scrutiny and debate. Scrapping that approach was decided by a handful of blokes in the proverbial smoke-filled room. And – get this – you don’t know why.

The official justification is as follows: ‘The States will move to a multi-vendor model; meaning services and projects will be delivered by a range of providers rather than one. The States believes there are many benefits from a multi-vendor model…’

Yet when P&R made that announcement (based, we’re told, purely on belief), it had nothing concrete in place to replace Agilisys, was merely ‘confident’ of securing agreements, and on a wing and a prayer timescale that avoided hiccups.

By contrast, the cost of engaging Agilisys was well known and endlessly discussed. Here, you have no idea what P&R has committed you to, at what cost, or with what identified benefits.

In case you think I’m over-egging this, cast your mind back to what the States was trying to achieve – a digital-by-design modernisation and improvement of a legacy system used by around 5,500 States employees with 4,500 different applications.

Selecting Agilisys was such a big ticket deal that this was said at the time: ‘It marks a major milestone in what will be a 10-year agreement to modernise the States’ IT systems and improve service delivery of public services through the adoption of digital technology to improve access and operational efficiency.’

Unusually, it was the Law Officers who said that. They were pretty chuffed with what they’d negotiated with Agilisys – I believe the contract runs to more than 1,000 pages – and its commercial team provided legal assistance and advice to P&R during the two-year procurement process and ongoing negotiations with Agilisys.

So, here we are today and that painstaking and thorough approach is in shreds for reasons ‘relating to Agilisys’ performance of the contract’, according to P&R. Its then members added that they were ‘unanimous in our decision to terminate the contract, following the advice we’d received from senior officials who manage the contract and delivery of services'.

So what the States put in place, bureaucrats can remove, without reference to the Assembly.

Now, as I say, getting rid of Agilisys may have been the right thing to do. But we may never know unless or until the reasons for that sacking are subject to a court hearing.

Only then will we know whether Colin Vaudin, the then States IT supremo who wanted a single provider, or Ge Drossaert, the replacement States’ chief digital and information officer who wants multiple providers, is correct.

My take, and this is based on the rather caustic reviews of government’s own IT capability by Scrutiny and PwC, is that this comes down yet again to the States’ (in)ability to manage external contractors, public-private partnerships and commercial reality.

It’s worth remembering, too, that when Agilisys spotted SoG’s IT finest hadn’t produced a business continuity plan for its disaster recovery process, it offered to do one for them.

That was rejected and instead – unbelievably – the States decided to waive Agilisys from any responsibility if there was a system failure (as there indeed was) because it wanted to prepare its own plan.

As reviewing consultants PwC subsequently noted: ‘The waiver was signed, but no [IT service continuity] plan was subsequently provided to Agilisys.’

The States’ own Scrutiny committee declared: ‘The principal findings of the Panel were that the implications of entering the 10-year partnership with Agilisys were not fully understood. The scale of the work required was underestimated and, most crucially, the level and volume of retained technical expertise within the public sector needed to effectively manage and oversee the contract with Agilisys was totally inadequate.’

So SoG struggled to maintain and manage one contract via a single supplier and its hand-picked team of 80 – 40 were in the UK as dedicated support staff – and instead wants to control a pick and mix approach with multiple partners to look after while improve its IT and digital systems.

Oh, and get that in place in a matter of weeks rather than the more usual 12-month hand-over process. Hence the danger the action poses to core IT systems like benefit payments, ports, courts and health and education.

The other oddity is that P&R went down the contract route, with all its risks of legal action, to terminate when the contract had a much easier get out of jail clause that could have been invoked.

It’s known as ‘convenience’ and is pretty common in agreements with public bodies because it recognises that politics exists and what’s flavour of the week one term might not be the next, so you also wonder whether the then looming election was a factor in the ‘old’ P&R’s decision.

So there you have it – a behind-closed-doors decision that exposes you to financial and other risk without even the opportunity to ask Gavin St Pier, who was chief minister at the time, why everyone was so sure Agilisys was the right way to go.

If a single provider isn’t the best option after all, how did the States in 2019 get such a major decision so wrong? Perhaps worse, no one’s asking.