NAO report finds Verify exemplifies ‘failings we often see in major programmes’
Auditors flag up a range of targets missed and benefits not delivered
A report from the National Audit Office has found that the Government Digital Service’s work to deliver GOV.UK Verify exemplifies “many of the failings in major programmes that we often see”.
Such familiar shortcomings include “optimism bias and failure to set clear objectives”, auditors found.
The Investigation into Verify report comes five months after it was announced that government funding for the identity assurance platform will cease in 2020. Thereafter, five of the service’s private-sector partners will assume responsibility for its future development.
The NAO warned that, once prices are dictated by market forces, this could mean a rise in costs for Verify’s government users.
“After April 2020, GDS will no longer set prices, so it cannot guarantee what prices will be determined by the market in future,” the report said. “There is consequently a risk that the market price for identity verification services could be unaffordable for government departments using Verify.”
The service’s biggest government customer is Universal Credit, which the NAO said represents “the constraint on closing Verify entirely”.
“However, most claimants cannot actually use Verify to apply for Universal Credit,” the report added. “Only 38% of Universal Credit claimants can successfully verify their identity online – of the 70% of claimants that attempt to sign up through Verify.”
The Department for Work and Pensions has provided £12m to help “support the continued operation of Verify to March 2020”, and is working with GDS to formulate a plan to grow the proportion of claimants able to use the service.
Prior to the decision to hand over the platform to the private sector, the Verify project consistently fell short of projections, auditors found.
Missed targets include:
- GDS’s goal was to sign up 25 million users by 2020. Just 3.6 million people are currently registered and, at current rate of progress, this will rise to only 5.4 million by next year – representing little more than a fifth of the target.
- Only 19 government services currently use Verify – compared with the 46 that GDS intended would do so by March 2018.
- The platform’s verification success rate – which measures the percentage of people able to successfully register for Verify on their first attempt – stands at 48%. A success rate of 90% was originally projected.
- Verify was scheduled to be “largely self-funding by March 2018”. But the failure to attract the intended number of users has meant that costs have remained high, with more than £20 paid to identity providers for each new user sign up, the NAO found. This has “meant that GDS has continued to subsidise departments for using Verify… [and] most departments have not paid the Cabinet Office and GDS even for subsidised services”, according to the report.
- For the four-year period covering 2016/17 to 2019/20, Verify was originally forecast to deliver benefits of £873m. GDS has now revised this estimate to £213m – less than a quarter of the initial projection. The NAO did not directly dispute this claim, but said that “we have not been able to replicate or validate GDS’s estimated benefits on the evidence made available to us”.
In its concluding remarks, the report said: “In many ways, the Verify programme is an example of how government has tried to tackle a unique and unusual problem, adapting over time in response to lessons learnt and the changing nature of the external market. Government has identified fraud as a growing threat across the modern economy, both within and beyond the public sector, and that confidence in identity is an important element of protecting services and users. In an attempt to strengthen online identity while maintaining a high degree of privacy, GDS has helped to define standards, build the Verify platform, and develop the market of private sector identity providers.”
"Verify is a textbook case of government’s over-optimism and programme management failure."
Meg Hillier, Public Accounts Committee
It added: “Unfortunately, Verify is also an example of many of the failings in major programmes that we often see, including optimism bias and failure to set clear objectives. Even in the context of GDS’s redefined objectives for the programme, it is difficult to conclude that successive decisions to continue with Verify have been sufficiently justified.”
Meg Hillier, the chair of the House of Commons Public Accounts Committee, characterised Verify as “textbook case of government’s over-optimism and programme-management failure”.
“Despite spending at least £154m on Verify, only half the people that try to sign up are able to use it and take-up is much lower than expected,” she said. “More worrying, it is not yet clear what it will cost for government departments to continue using Verify when government funding stops next year.”
Responding to the NAO report, a spokesperson for GDS said: “"Verify is saving taxpayers money and is a world-leading project in its field. The NAO report reflects that it has been a challenging project – but challenges like these are to be expected when the government is working at the forefront of new technology.”
The spokesperson added: “We now believe that Verify is at a point where it can be taken forward by the private sector to provide a single source for people to confirm their identities online. This will see the government’s investment in the project cut back as the private sector takes it forward. This ensures Verify will continue to enable people to access services easily online, while protecting them from organised crime, identity fraud, and other malicious online activity."
Minister discusses need for new training campus and greater use of data in evaluation of projects
Experts discuss what the lasting impact of the pandemic might be for government and the public sector
Cabinet Office spearheads efforts to highlight work of officials in responding to coronavirus
PublicTechnology editor Sam Trendall salutes the outstanding efforts of public sector...
PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right
CyberArk's David Higgins explores the cyber risks of hiring independent contractors
HPE shows why organisations are increasingly seeking to understand and consider the environmental impacts of their IT purchasing decisions
HPE makes the case for hybrid cloud services to transform and enhance relationships with citizens...