Month: July 2022

Central government is starting to explain what it intends for its new ‘Office of Local Government’. The Secretary of State explained that the body would analyse data covering areas such as education, recycling and social care and produce an annual report so that: 

“taxpayers will be able to see which councils are going furthest on the environment, which have really transformative children’s services and which are providing the best value for money”. 

Local authorities may be tempted to choose a simple solution to meeting the requirements of the new Office of Local Government. The combination of it not being a local priority, a deadline that suits someone else and having to meet unfunded duties whilst we all having to look for ways to cut services to balance the books means that many Chiefs will be looking for the easiest way to get this off the ‘to do’ list.

The easy way will look something like this: 

1. Buy software that’s apparently been built for this specific purpose. 
2. Require each service to input data on a recurring basis
3. Employ someone centrally to chase the updates
4. Record a narrative and actions and repeat the cycle

Sounds simple. Here’s why it’ll be painful.

There isn’t widely used software to do this today because no data driven organisations work this way. The data you’re reporting won’t come from the software. It’ll likely be a compound measure that will be derived from at least two other data points, stored in different systems and gather for different (service delivery) purposes. The task of amalgamating and (inevitably) cleaning the data will be added on to someone’s existing duties. The reporting period required won’t align to the rhythms of the service. 

Data-driven organisations have got data visualisation tools and business intelligence platforms which interrogate data in near real time to develop predictive models, identify correlations and causations and enable data to be interrogated. You might know this because you’ve already got one. So your simple solution will be to use sub-scale software or use convoluted and less safe alternatives, creating ever more complexity in your data architecture and ever more arguments about which version is the “truth”.

It’ll be painful because no data driven organisation focuses so much effort on reporting quarterly in arrears (or worse). They might run quarterly reports, but not to find out that the delivery function had a problem five months earlier. By the time you’ve run the reports, agreed the data and had the meeting the problem will have evolved. You’ll be watching stars.

It’ll be painful because it will increase the less appealing aspects of your culture. It’ll make the service performance sovereign, not the experience of the people whose needs it should meet. It’ll drive an individual focus on particular measures rather than a system understanding of what’s happening to people, fragmented across the different parts of your organisation. No one involved will be incentivised to have an honest appraisal of the systemic issues driving performance. You’ll be wanting to bring together more integrated focus and working, while all the time your reporting mechanisms will be driving wedges between your teams.

It’ll be painful because it will retrench your data skills. The incentive to get that data “right” will be huge given its purpose. So spreadsheets and emails will fly around before data is committed to the reporting system and hours will be spent trying to make sure that the numbers for submission to the central machinery give the right answer. And if you’re lucky, the opportunity cost to your organisation will have been that those people could have been building predictive models, or machine learning algorithms. If you’re less fortunate they will find rewarding jobs.

And after all of this Sisyphean effort, you’ll have a worse understanding of your residents’ experience. Take one metric I know too well: the average waiting time on the phone to speak to a customer services agent. When operational management made this their priority measure for success, they used to activate ’purple mode’. They answered the phone quickly and wrote down your name and number to call you back. So the metric looked good (the calls were answered quickly) but the time taken to return the call and whether the call resulted in the resident receiving the service they needed weren’t recorded. Those weren’t PIs.

The average waiting time reflects just one element of the customer experience and only the first step in their journey to having their problem sorted. But it was the only PI.

The average waiting time was (and remains) a function of the number of calls coming in and the number of staff to answer them. But management of PIs doesn’t lend itself easily to enquiring why. Whether the jobs are completed efficiently and correctly is one of the main drivers of demand. But those are separate PIs led by other people.

All those things are now visible on our business intelligence tool, many automatically. It doesn’t ensure that people ask the right questions. But it removes the effort from providing the data. And frees us up to do something with it (identifying people who haven’t accessed the service and targeting the areas where demand drivers need most attention, for example).

Of course, we could ask if any of this is well intentioned. Is comparing the performance of your local authority with one next door going to support levelling up through mobility? Is it going to enhance democratic accountability? Or would a focus on the systemic issues and root causes lead to better outcomes for citizens? That’s for others to answer.

Faced with this choice, the harder and smarter answer would be to:

1. Start with culture and ways of working: how do you curate the right conversations about problems, performance and progress?
2. Honour your commitment to the Local Digital Declaration and liberate data from legacy systems that inhibit you from capturing high quality data once at the point where the work is done and used many times to join up services and give the full picture of residents’ experience
3. Use data to deliver better public services that are more personalised and with faster feedback loops
4. Work in the open, with residents and partners to show why this approach makes your place one in which citizens can lead better lives, not simplify success down to your accountability to DLUHC’s annual report

Letter to leaders

A conversation this week helped me reflect on the high calibre of leadership in Hackney Council that has been key to our work to recover from our cyberattack. At the time I took parts of this for granted because I’d not seen anything different. This letter is to leaders of public sector organisations that have experienced (or will experience*) a similar situation to ours.

* Sadly, trends in cyber crime suggest that there will be many more to come.

Dear Chief, 

You aren’t alone, but you’re feeling lonely right now. And you are also probably feeling confused and a bit frightened. You knew technology was important but didn’t really know that you also ran a technology organisation. And right now you have very little. Your staff can only see the things they can’t do. 

And you’re probably feeling angry. At the criminals who’ve attacked you. Because of the agenda you can’t now deliver. And probably more than a little bit at your IT. You were never entirely sure you were ‘getting it right’ with technology. There was always a gap between what suppliers told you, what you read about and what you saw day to day. And that gap is now a chasm. 

But enough about you. What about the job you need to do now? Firstly, do no harm. You are desperate to get back to business as usual. But there’s something more important. You must make sure you don’t have another cyberattack. They aren’t like house fires. If you rush recovery, you might just introduce a new threat. So whilst you’re desperate to recover, you need to give your team the time to be thorough, no matter how frustrating that will feel. 

Whilst you’d love to turn the clock back, the job of recovery isn’t to return to what you had. You now need to lead transformation of your organisation’s technology and data, and its relationship to it. You need to take your senior leaders through some core concepts that they might feel isn’t their job to understand. Whether it’s their role as information asset owners (and how that relates to protect the people you serve who have been affected by the attack), why cloud computing is an essential part of your recovery, or why your strategic imperative is managing data, not recovering legacy systems. 

Normally a change management cycle (or just grief cycle in this instance) gives time to work through awareness and then desire, but you’ve got to accelerate through that at a speed you and your organisation are unlikely to have seen before. You are going to need to make strategic decisions quickly and make sure that your decision making processes support that. For example, your IT team shouldn’t have to invest time and and capital justifying why now isn’t the time for a return to legacy software and why the greater security and agility offered by cloud is where they should focus. 

You’ll want answers to questions about why we’re here. You’ll be frustrated to learn about how complicated the recovery work will be and the lack of definitive answers. But asking the questions more frequently or more aggressively won’t change the position. It just incentivises your team to divert their energies from the work that is most essential to getting your services back up and running. 

Has your team got the skills to recover? Bringing in outsiders to run the strategy might be tempting but could easily become a significant impediment to recovery. Your team alone understands the architecture of what was attacked. They don’t need to spend time explaining that to outsiders. They may need specialist help – in digital forensics, in building cloud infrastructure or recovering databases – but let them describe what they need. 

But that doesn’t mean your team can run all the things. You’ll want to tell the public what does and doesn’t work, and when it will return. But the attackers are watching you, so you must take care to not help them hurt you more. And the same IT team tasked with recovery will be getting a huge range of demands from colleagues, regulators, politicians, other organisations and salesmen. The team are now your most valuable assets – give them the protection and space to do their best possible work. 

You also need a good communicator who can understand enough of the detail, but who can translate the recovery path, uncertainties and all, to a range of different audiences in language that they will understand. Your service users nd partner organisations will be looking for information you probably don’t have, and you’ll need to find ways to inform and reassure, without confusing. The task will become more complex as you move away from the ‘day by day’ accounts of the initial work towards the slower and more frustrating long tail of recovery initiatives.

You’ll be desperate to know that the team is working as hard as they can. But you won’t recover from your cyberattack this week or even next month. You’ll need them working effectively at a sustainable pace – quite possibly into next year. Stand them down that first weekend. And the next. The time you ‘lose’ will be made up in time you’ll gain in reduced staff absences and avoiding exhausted people making mistakes. 

Your teams will also be grappling with as many emotions as you are experiencing yourself, and they’ll be looking to you to keep them calm, focused and supported. Recognise this and design the mental health and wellbeing support they need. And remember that you’ll need a break, too. The teams will follow your lead and will echo the way that you respond.

The team is also running more major projects simultaneously than any organisation would ever rationally take on. They are rebuilding a huge number of systems and dealing with critical needs across your organisation. Your governance is ill-equipped for this. Firstly, work with your support services so that they work with your IT team. You want to reduce the amount of recovery time spent justifying business cases or signing off contracts. But it also needs coordination across the organisation. Your IT team shouldn’t have to invent that governance. But nor must they be subject to a governance framework that measures the effectiveness of delivering against a plan, in linear fashion. A genuine collaboration around risk, user needs and change management will build a capability in your organisation that you’ll benefit from for years to come. 

This isn’t the moment for everyone to point at IT, saying ‘solve this problem’. You need to harness the passion and collective energies of staff that would otherwise be under-employed to develop the right solutions to keep things running while recovery work is taking place. But you had a corporate IT function for good reason – now is also not the time for a free-for-all. Make sure your teams working on interim solutions are being thoughtful about how data is captured and managed – that diligence now will pay back many times over when you are recovering your longer term systems and will help protect you from potential new threats. 

Your team is likely feeling considerable risk aversion. Yet as you embark on your largest concerted investment in IT for a generation, you must ask: ‘do we want to spend this money to go back to where we were, or to leap forward?’. ‘We use that software because that’s what they use in the other place’ must never again be a credible argument in your selection of IT. If you aren’t leading a conversation about modern technology with your organisation, your investment will be wasted. You’ll have faced an existential crisis and blinked. 

If you can do all of this, you might find yourself the leader of an organisation equipped for the technology age and have stepped forward many years in your strategic capabilities to meet the future challenges you were already focusing on. The opportunities for your organisation, the people it serves and your staff can become a competitive advantage. 

And if you’d like a chat, just get in touch. 

Best

Matthew Cain