National Audit Office - ‘Verify is an example of the failings often seen in major government programmes’

Profile picture for user ddpreez By Derek du Preez March 4, 2019
Summary:
The National Audit Office’s verdict of the identity verification service, Verify, is a blow to the Government Digital Service, which has tried to avoid failings of the past.

Identity

The Government Digital Service’s flagship identify service programme, GOV.UK Verify, has suffered from many of the failings that are often seen in major government programmes - including optimism bias and a failure to set clear objectives.

This is the view of the National Audit Office, which has examined the success of Verify to date. The findings of the report released this week will come as a blow to GDS, which set out to change the status quo of technology service design and delivery.

The NAO’s verdict will likely raise concerns about GDS’s approach to the project, given the department’s criticism of Whitehall’s track record of major project delivery.

By way of background, Verify was intended to be a flagship digital programme - and a core element of GDS’s government-as-a-platform approach - to provide identity verification services for the whole of government.

Whilst praise has been given to GDS for its innovative and technical approach to the platform, the department is failing to meet its target of 25 million users signed up to Verify by 2020, with only 3.6 million people using the service by February 2019.

It was announced in October last year that the Cabinet Office and HM Treasury would stop government funding for Verify in March 2020 and GDS will withdraw from its operational role running Verify at this point.

GDS is currently considering what the future commercial model for Verify will look like post April 2020 and is considering how private sector providers will take over control and management of the platform.

One possibility, according to the NAO, is that departments would procure identity verification services directly from the market of private sector providers. However, departments currently do not pay their full usage costs for Verify - but would have to under a market-based model. This means that after April 2020 GDS will not longer set prices and future prices cannot be guaranteed, potentially making it unaffordable for government departments to use.

The facts

According to the NAO, only nineteen government services currently use Verify, which is less than half the number that was expected by March 2018.

Also, government users of Verify, such as those using Universal Credit, have experienced problems with the platform and have had to undertake more manual processing than anticipated.

GDS reported a verification success rate of 48% at the beginning of February 2019, against a 2015 projection of 90%.

With regards to financial savings, GDS estimated in its 2016 business case that Verify’s benefits would total £837 million for the period 2016-17 to 2019-20. This estimate has now been revised down to £217 million, 75% less than what was originally anticipated.

What’s more concerning is that GDS classifies these benefits as non-cash releasing, meaning that a significant proportion of Verify’s expected financial benefits come from departments’ avoided building costs (money they would have spent themselves on identity assurance services). The NAO states that it has “not been able to replicate or validate GDS’s estimated benefits on the evidence made available”.

In addition, GDS has not achieved the goal it set out in its 2016 business case of making Verify largely self funding by March 2018. It had expected that prices paid per sign-up would fall over time as user numbers increased. However, user volumes did not increase as expected and average prices paid to providers remained above £20 for new verifications.

As a result, GDS has continued to subsidise departments for using Verify. Interestingly, HMRC is the only department to have paid for its Verify usage (£6.7 million). Invoices have been issued by the Cabinet Office to departments, but these have not been paid.

The damning verdict

All of the above leads the NAO to draw the following conclusion, which will come as a real blow to GDS:

“In many ways the Verify programme is an example of how government has tried to tackle a unique and unusual problem, adapting over time in response to lessons learnt and the changing nature of the external market. Government has identified fraud as a growing threat across the modern economy, both within and beyond the public sector, and that confidence in identity is an important element of protecting services and users.

“In an attempt to strengthen online identity while maintaining a high degree of privacy, GDS has helped to define standards, build the Verify platform, and develop the market of private sector identity providers. After struggling to build demand within the public sector for Verify, government has now decided to hand over control of Verify to providers from 2020 with the aim of encouraging its use for non-government services, to deliver wider benefits and build scale that may benefit government in the longer term through lower prices.

“Unfortunately, Verify is also an example of many of the failings in major programmes that we often see, including optimism bias and failure to set clear objectives. Even in the context of GDS’s redefined objectives for the programme, it is difficult to conclude that successive decisions to continue with Verify have been sufficiently justified.”

My take

Rumours had been circulating for months regarding the troubles facing Verify, prior to the Treasury pulling its funding. Verification rates raised a few eyebrows and departments continued to build and use their own identity assurance systems, with disregard for GDS’s Verify agenda. It’s important to note that the technical innovation of Verify has been praised and GDS was trying to do something that hadn’t been done before. That being said, we were led to believe that the whole point of GDS’s approach to service design was that we would no longer reach a point where millions had been spent and projects continued to fail. GDS may well suggest that the £154 million spent so far is peanuts compared to what a private contract would have cost to attempt this, but I can’t help feeling disappointed that this feels like a very traditional IT cock-up.