Going public

With an annual €1 billion budget to juggle and the pressure of managing the mammoth IT operations of Her Majesty’s Revenue & Customs (HMRC), CIO Deepak Singh has one of the toughest technology jobs in Europe. CXO travels to Westminster in the heart of London to discuss his key projects, the impact of the recession and how he sees the role of CIO evolving.

Before HMRC you worked in various roles at the likes of AstraZeneca, Jaguar and Philips. What would you identify as the key differences between the public and private sector from an IT standpoint?

Deepak Singh. The first is sheer scale and complexity.  I don't think I have come across a private sector organisation that has the same level of complexity as HMRC, given the range of sophisticated products involved in managing a tax administration.  Deeply complex legislation and tax policies result in a highly differentiated and diverse business model which makes the work of the HMRC CIO even more difficult.  Given that HMRC supports virtually every man, woman, child and business in the country, our scale is huge and covers everything from Self Assessment to Corporation Tax.

Secondly, the cultural differences are massive. In the private sector you find a very common purpose around shareholder value, the customer agenda and the financial success of the business. In the public sector you tend to have less focus on those outcomes and much more focus on  public sector values, and providing effective services for the citizens who use those services. It's a different culture in that people are much more passionate about the service agenda as opposed to the financial results and outcomes a private sector organisation would look towards.

There is this perception there is greater pressure on transparency or accountability in the public sector when completing IT projects on time and within budget. Do you agree?

DS. No I would not agree; it may appear to be more difficult to be clear on accountability in the public sector but the reality is that accountability is even more demanding and stringent. Accountability is more layered because of the political aspect and much more complex because, as well as public accountability, IT projects face the scrutiny of Parliament and its powerful committees. Not forgetting close media interest and also in depth examinations by bodies like the National Audit Office. Overall, accountability in the public sector is much more demanding given the spread of customers and how Government IT impacts on citizens in a much more real way than a private sector organisation. There's nowhere to hide in the public sector.

How has HMRC progressed with efforts to slash the running costs of its IT infrastructure by 10 percent?

DS. We achieved this target back in December 2007 so we are going even further and have a number of internal activities that will involve fundamentally re-architecting our outsourcing arrangements. This doesn't just mean we want to reduce the prices of services we have purchased but is more about looking at how we work and the accountability we have across the outsourcing organisation and internal organisation. We are also looking at how we work with our business and how we consume as well as procure IT services from within the HMRC construct. We want to  have much clearer understanding and better planning around the propositions we want to put forward and how they turn into IT solutions.

A huge outsourcing project continues to be the 10-year Aspire outsourcing deal with Capgemini. Is it correct that you have extended this contract three years to 2017?

DS. Soon after the Aspire construct was created we had the merger between Customs & Excise and Inland Revenue, which has gone really smoothly. We are now constructing the future of our outsourcing arrangements to drive transformation at pace.  This will be achieved through the outsourcing arrangements with Aspire, so that we can leverage the global skills, capabilities and expertise that key players like Capgemini have. Pre-merger with Customs & Excise, the Inland Revenue spend was projected to be around €3.5 billion to 2014. We are currently projecting that we are in the region of €8 billion, partly because of the Customs & Excise merger. It also reflects the sheer amount of investment that has gone into modernising the department As a consequence there has been a huge investment in IT, which was not in the original expenditure projections, to enable that transformation.

HMRC is working with the British Bankers' Association (BBA) to establish a secure electronic data transfer with the banks. What benefits will this deliver?

DS. The secure electronic transfer solution has moved beyond the pilot stage and we have implemented it with two key BBA members. It means we can simply automate a lot of the data movements between ourselves and external third parties like the financial institutions and the insurance companies. It also means that we have a much more streamlined process, with auditing capabilities. More fundamentally, doing these things electronically, as opposed to through manual handling, means we have created a much more secure environment. Within the next two years we expect the vast majority of BBA members to be transacting with us through the electronic transfer solution as opposed to through 'removable' media solutions.  For instance, HMRC currently handles 40,000 media movements such as tapes, CD-ROMs and USB sticks, which are all securely protected through additional layers of encryption that we introduced in the last year or so.  This will no longer be necessary using the secure electronic data transfer solution.

On the subject of security, what have you done to tighten your defences since the loss of two unencrypted discs containing child benefit-related personal data on 25 million people?

DS. We now have locked down the use of CD-ROM and USB devices pretty much overnight on the back of the child benefit data loss. We have encrypted every single laptop and only use USB-encrypted devices. We have also tightened up the accreditation of our applications to ensure they are secure and meet the standards that exist across government. We successfully protect against 11 million intruder attacks every single year and we are not aware of anyone who has managed to get through. We have done quite a lot in terms of the technology to the point at which now the vulnerability and the impact of a data loss, be it the loss of a laptop or USB device, is much lower given the fact that we have pretty sophisticated and advanced encryption on these types of devices. The agenda has moved much more towards getting cultural and process issues associated with security embedded as a discipline. That is not saying that our staff within HMRC are not security aware because this is at the heart of any tax administration. The confidentiality of tax-payer data is an ethos that we have had for a long time. It is also not so much about understanding why security is important, but is about making sure our staff are enabled by having the correct and simpler processes by which to handle customer data.

Why is a robust IT infrastructure so essential to the successful and smooth running of HMRC?

DS. The world is moving much more towards a society that requires interaction in a much more flexible way - be it through the e-channel, text messaging, email or telephone. We have to make sure that our IT infrastructure is flexible enough to support the changing needs of our customers. The backbone of this is that if you assume that society will move to a self-serve agenda, whereby they can access services at their convenience as opposed to HMRC's convenience, then inevitably you have to invest in robust 'always on' infrastructure. We still have a long way to go with seeing how far our customers move in terms of their channel shift but we are seeing this through self-assessment and other regimes. Therefore, our IT investments are going to have to be much more 24/7 and stable to enable our customers to access our services at their convenience.

HMRC's website has crashed in recent years under the strain of the sheer number of people trying to file their self-assessment tax returns online. What are you doing to make the site as stable as possible?

DS. We received close to six million self-assessments online last year and 40 percent of those returns appeared within the last month of the 12-month period for returns. So there is this huge exponential growth in returns expected in the last month of filing. We have made huge investments in the stability of our online portal over the last two or three years. Last year was the fruition of that investment in terms of making sure all of the components of our IT infrastructure were stable, resilient so that we don't go through the same scenario that we had on January 31st 2008. Last year we had a 50 percent upturn in customers filing online and we did this with 100 percent availability without any real difficulties. The service is stable and highly resilient.

Presumably late filing would be solved by education?

DS. We have struggled with how we educate and enable our customers to smooth out the peaks and troughs that we get through self-assessment. What contributed to the 50 percent uplift in returns made online was the shift of the deadline for paper returns to October 31st. This said to our customers that they have a choice: if they want to use paper-based returns then they have a much more limited window by which to transact with us. Those that are prepared to move towards an online channel have the extended deadline of January 31st. It still doesn't fully remove the peaks and troughs and we have to both educate and enable our customers to see the value of filing in a much quieter period. We don't want to necessarily incentivise our customers financially because it is tax-payers' money but at the same time we have got to make sure people understand the benefits of doing this.

This is obviously a very tough time for all businesses - both in the private and public sector.  What effect will the recession have on HMRC's IT budget?

DS. Anyone who works in IT is always challenged to manage their costs in the most efficient way. Most CIOs and IT Directors do not go out and spend money for the sake of spending money. So this is a permanent agenda, whether in an economic downturn or otherwise. That said, the economic conditions that we see are going to lead to a much tighter squeeze on public expenditure than we have ever seen before. The agenda coming to the fore and being given much more attention by CIOs is the cross-government agenda i.e. how we can more holistically leverage across the public sector the opportunities to reduce our costs through economies of scale and by using the corporate buying power of the public sector as a whole. For example, the plan to consolidate our data centres, from 138 across the whole public sector, to less than a dozen is a massive cost saving opportunity. So the agenda is shifting much more towards shared services across government and making sure we can achieve greater economies of scale.

There is a danger that this recession could affect the next generation of IT leaders coming through. However, you were quoted recently as saying the "next generation of IT leaders will be born out of this crisis". Do you still believe this?

DS. I think that is absolutely true. The agenda has shifted fundamentally. I think businesses, both private and public sector, are going to be much more cautious about, one, their investments and, two, the value of those investments and the benefits they get from them. They will be much more cautious about how they manage money and will expect those organisations to be lean, including the IT function. That requires a different mindset, it requires IT leaders to take on a slightly different remit that is not just about modernisation but about getting your own house in order. It is about making sure you are efficient in how you manage your internal IT processes, how you procure IT and that you leverage much more the opportunities that the IT industry is providing CIOs. For example, the whole concept of cloud computing whereby you buy services in the 'cloud' as opposed to creating them yourself is all playing towards the agenda of making sure IT can be seen as a commodity and delivered through the most cost effective means. I think you are going to see CIOs and IT leaders much more akin to that agenda than they ever have been in the past.

Also, I don't think the IT industry itself is going to be any less affected by the downturn than any other industry sector. Typically, back-office functions get affected by monetary or financial squeeze and IT tends to be a back-office or corporate services function. I believe there is still plenty of growth in the marketplace, plenty of opportunities for IT to play a supporting role and as a consequence of that, the economic downturn will have a short-term impact. But investment in IT is not really an option - it is obligatory for all organisations given that IT is an enabler of transformation and an enabler of more efficient and effective services for our customers. In short, there is enough growth in the IT sector that will happen over the next five to 10 years and that will overcome some of the short-term difficulties in the next two to three years.