Denise Dourado formally appointed as SRO 

Credit: Adobe Stock

HM Revenue and Customs has formalised the appointment of a senior responsible owner for its £300m-plus programme to move hundreds of services and systems to a cloud environment.

Newly published transparency information reveals that the department’s chief executive Jim Harra recently wrote to Denise Dourado to “formalise [her] appointment” as the SRO for the Securing Our Technical Future scheme. She had already been listed as holding the position since SOTF was added to the Government Major Projects Portfolio in 2019.

Her formal appointment letter provides significant detail on the scope and timelines of the programme, which will see HMRC move services and data out of three Fujitsu-run datacentres. Its contract with the Japanese firm runs until June 2022 – which has been set as the deadline for moving 600 services either into a public cloud environment, or otherwise to infrastructure owned by Crown Hosting Data Centres.

“Any further lease extension is against Cabinet Office guidance and likely to prompt wider commercial challenge,” the letter said.

Among the first objectives set out in the missive is moving back-office software into a hosted environment.

This will involve “the migration of SAP from a physical datacentre to a cloud environment to ensure data protection legal compliance and provide scalability to support forecast Brexit volumes”.

Related content

• HMRC begins prep for major cloud move
• HMRC approved for £112m Microsoft spending
• HMRC chief defends tax agency’s data storage deal with Amazon Web Services

After this, Dourado and her team will need to “confirm priority services for cloud migration”.

Those “that cannot be safely migrated to cloud” will be moved to a datacentre operated by Crown Hosting – a joint venture of the Cabinet Office and specialist firm Ark Data Centres.

“As… services are migrated, they will address the underlying infrastructure technical debt associated with these services. The schedule and timings of these service migrations are strictly controlled by the programme and reported monthly at programme board,” the letter said. “SOTF is committed to protecting the privacy and security of personal data and we understand and take seriously HMRC’s obligations as a data processor. The SOTF programme will be compliant with all 13 GDPR policies and ensure that it actively promotes and delivers on these policies. The SoTF programme will also ensure data protection is embedded by design and default into all processing activities and business practices.”

The Securing Our Technical Future scheme has been through various iterations and evolutions, beginning with HMRC’s programme to gradually exit its £10bn Aspire contract, an IT outsourcing deal with Capgemini and Fujitsu that began in 2004. This segued into the Columbus Cloud programme to move data and systems into a hosted environment. 

Work was paused in 2018 – alongside many other programmes – as the department battled to keep on top of its Brexit-related work.

But, now known as SOTF, the cloud-migration programme was added to the Government Major Project Portfolio in 2019.  An assessment published by Harra a year ago concluded that the programme was “value for money and deliverable”.

Data from the Infrastructure and Projects Authority puts the whole-life cost of the project at £312m.

Amber rating
In its annual major projects report for the 2019/20 year, the IPA awarded the HMRC cloud scheme an amber rating, indicating that “Successful delivery appears feasible but significant issues already exist, requiring management attention.”

According to additional assessment data published by the authority: “[This was] due primarily to the following factors: resources from the programme may be diverted onto other critical HMRC programmes (such as EU Exit); some of the skills and expertise required to deliver were not available within HMRC so were needed to be contracted-in and HMRC staff upskilled through training and development our internal resources.”

It added: “There is a risk that other programmes upon which SOTF is dependent, [may] not replace or converge services by agreed deadlines… and other projects and programmes that are dependent on SOTF deliveries may not align to current migration plan.”

According to her LinkedIn profile, Dourado has been cloud programme director at HMRC since 2017, having joined the tax authority after a long stint with the NHS. Earlier in her career she worked at Deutsche Bank and PwC.

According to government guidance the senior responsible owner of any major project “is accountable for ensuring a programme or project meets its objectives, delivers the projected outcomes and realises the required benefits. SROs of GMPP projects are also accountable to parliament”. This can include giving evidence before select committees.

In her role as SRO for the Securing Our Technical Future scheme, Dourado will report to Harra and the HMRC executive committee.

The formal confirmation of an SRO for the cloud programme comes shortly after the publication of a report from the National Audit Office found that the need to “patch up legacy systems” has caused £50m of excess expense for HMRC during the coronavirus crisis – equating to 80% of all additional costs during the pandemic.