 Good morning and welcome to the fourth meeting of the Public Audit and Post Legislative Scrutiny Committee in 2019. Item number one is decision on taking business in private. Do members agree to take items three, four and five in private this morning? Great. Item two is section 22 report, the 1718 audit of Scottish Social Services Council. I'd like to welcome our witnesses to the meeting this morning. Caroline Gardner, Auditor General for Scotland, Gillian Matthew, Senior Manager, Audit Scotland and Joanne Brown, director, Grant Thornton UK LLP. Can I please invite the Auditor General to make a short opening statement? Thank you, convener. Today's report is about the management of an ICT programme in the Scottish Social Services Council. The external auditor gave an unqualified opinion on the 2017-18 accounts. That means that she's satisfied that the accounts provide a true and fair view of the body's financial position and that there are no significant errors in the accounts. However, the Scottish Social Services Council fell short of the expected standards of governance and transparency in implementing a new digital strategy. The council and the care inspectorate share a building in Dundee. They also share services, including finance, HR and ICT, and they have joint posts across the two organisations. The social services council agreed a digital transformation strategy in June 2017, covering new infrastructure and update to Microsoft Office and a new case management system, but the strategy did not clearly set out the intended benefits. In March 2018, the council decided that implementing the strategy meant that it needed to end the shared ICT service. There is a service-level agreement covering the shared services, but there's a lack of formal governance arrangements. That meant that there was no clear process for ending the shared service, and the council didn't consider the implications for value for money. The decision to end the shared services also meant that the digital transformation project had to be expanded to include setting up a new network. The thing could, on-going ICT support costs, which were not factored into the strategy. Overall, the social services council's planning, monitoring and reporting of its digital transformation project were inadequate. In the absence of a proper business case and a fully-costed budget, the council can't demonstrate that the project, which is expected to cost at least £4.1 million, has delivered value for money. I'm joined today by Joanne Brown from Granthawnton, who is the appointed auditor, and Gillian Matthew from Audit Scotland, between us will do our best to answer the committee's questions. Thank you very much, Auditor General. I'm going to ask Colin Beattie to open questioning for the committee. Thank you. General, this seems to be yet another case of an IT project that isn't being handled in a particularly good way. It seems to be a pattern of this. Now, I realise that this is a department outwith the control of the Scottish ministers, a bit like the Registers of Scotland, but it seems that it was a very late stage that they engaged with the board that they set up to. They seem to engage at a very late stage on this. Did they not know that they existed? You're right that they did engage with the chief information officer late on. I think that that reflects the fact that the chief information officer's new approach is focusing quite deliberately on larger ICT projects—the ones that cost more money and are generally taking place in larger organisations. I understand why that prioritisation is happening. They have got limited resources and they have to focus them. Equally, you're right that there is a risk that smaller bodies and smaller programmes like this slip under the radar and we see some of the problems that we're seeing now less frequently in bigger bodies because of the rigour of the framework that's being applied. £4 million to me is a lot of money. It may not be in the grand scheme of government projects, but it's still a lot of money. Is there any part of the process that they followed that was considered to be adequate? In my view, I think that what went wrong in this project is what has gone wrong in many others, of not getting the building blocks right at the beginning. Unless people are clear what it is they're trying to achieve, they have a clear scope and budget for the programme and they've identified, assessed and managed the risks. Things are likely to go wrong further downstream. In that case, as my report sets out, that initial work wasn't done and hasn't been available to the auditor or my teams to look at. That's when you start to see this escalation of problems emerging and another ad hoc response and looking to fix things when the problem is in the foundations at the start of the process. If I'm correct, no actual losses have been sustained as yet, although obviously work has taken place with some sort of notional cost. At what point did internal audit become aware of this issue and how did they escalate it to the board? From an external audit perspective, looking at the work of internal audit, internal audit haven't specifically looked at the ICT programme or project. That's not been part of the internal audit plan. Previously, internal audit looked at the shared service arrangement and the service level agreement in place between the council and the caring spectrum back in 2016. At that point, internal audit recommended some actions to strengthen that service level agreement, which were agreed by management but don't then seem to have been followed through over the years. However, in terms of the ICT project, that's not something internal audit looked at. What was potentially a major project for this particular unit was just not on the radar of internal audit? Were they unaware of it? As external audit, it's quite difficult to comment on the engagement and the discussions that management had with internal audit, but it's certainly not been included within the internal audit plan to date. Is internal audit—do they have a reporting line into the board? From an internal audit perspective, they've got a direct reporting line to the accountable officer for the council. They've got a direct reporting line into the audit committee, and as part of that, they would have free access to the council convener. Do they have some input into the project? Is it simply because it's not in the agreement with the internal audit that they didn't look at it as a deliberate policy? Obviously, I can't comment on the conversations that internal audit would have had with the accountable officer, but from an internal audit perspective, it would be based on risk and priority of internal audit resource. I imagine that conversations happened, but it's not been within the internal audit plan. From the point of view of the external auditor, you look at what internal audit is doing. This project clearly was discussed at board level. Did the board discuss it at all with the internal audit? Is there any evidence of that? If not, why not? From the board perspective, the reporting around the project at the council level has been a bit sporadic. It's not being very consistent. The council themselves haven't had regular updates on the ICT project. In terms of how we work with internal audit, we look at the work that they do related to our financial statement audit. We consider whether we would place reliance on internal audit from that perspective, but we wouldn't place reliance typically on internal audit. As external auditors, did you look at this project? As external auditors, in terms of our review, that was outlined in our annual report on the concerns that we had around the ICT governance, the shared services, and the decision making of the project. We looked at it from a governance perspective, and that is reflected in our annual report on the concerns that we have around that. What was picked up as negatives on the way that projects being put together and managed were picked up by external audit, not by internal audit? That's kidding. Because it wasn't on the programme. I was going to amplify what Johann Brown has said, just by stressing that one of the concerns that we have about governance is that the programme board was chaired by the accountable officer, and there was, as Johann has said, very limited reporting to the council itself, the board of the council, about the scope of the project, about its costs, and about the progress that it was making. Getting that governance wrong in the first place makes it harder for the checks and balances that ought to be operating to be effective. Nevertheless, notwithstanding that, it seems to me that we've got, again, a case where we've got internal audit that have done their job, ticked all the boxes, but the problem wasn't identified, wasn't pulled out. What I would say again in there is that the system of checks and balances is meant to work as a whole and without the clear line of sight in approving a project and reporting it to the board, that risk management isn't going to work as well as it should do. Thank you, convener. Good morning. So, just to come out and look at some of the things going on around this project, my understanding from reading the report, Mr General, is that there was one ICT system that was chaired by both the SSSC and the Care Inspectorate. The SSSC has now come out of that. Presumably, the Care Inspectorate is still using the original IT system, which begs the question, is there an on-going cost to the Care Inspectorate? Now that they have this huge system that only half of the two contributors are using, and if so, is the SSSC paying any form of contribution to the Care Inspectorate? As with many aspects of this particular case, it's quite complicated. At the time when the social services council withdrew from the shared ICT contract, you're right that the Care Inspectorate was left with a number of costs that had previously been shared, which they had to continue to bear in the short to medium term. The council has taken on one of the members of staff involved in delivering the shared services to support their own work, so that's been managed to a certain extent. However, there was no consideration at the point where the council decided to pull out of the shared services agreement about the overall value for money to themselves and to the public purse as a whole, which is clearly a failing. Since then, the Care Inspectorate's ICT has itself moved on, and I think that Joanne can tell you a little bit more about that. Since then, the Care Inspectorate's ICT arrangements have moved on, and the Care Inspectorate has also had an ICT project, which they have just commenced. There has been a number of discussions between the Care Inspectorate and the council around the ending of that service level agreement, so the council is continuing to pay the Care Inspectorate under the service level agreement up to the end of March 2019. Conversations are happening between the two sponsor bodies around potential ramifications from 1920 onwards, and that's something that we'll look at as part of our future audits. Just to be clear, if I can reflect that back, the Care Inspectorate is not, by definition, the public purse on that side, is not out-of-pocket as a result of the decisions taken by the council. I think that what I would say to clarify is that there is obviously some on-going costs that the Care Inspectorate continues to pay, which they were paying under a shared service agreement, but when that agreement ends, they'll still incur those costs without necessarily providing those services to the council. For a short period of time, there is a potential risk that the Care Inspectorate is out-of-pocket based on that decision. I understand. The report, in order to general, says that the Scottish Government provided about £3.1 million worth of funding for this project on, I think that Colin Beattie said, about a £4 million cost. You also say in your opening remarks that there was no business case for this, and there was no budget produced. It begs the question, why did the Scottish Government advance £3.1 million to the council? On what basis did they do that? Is there some documentary evidence that they have seen that we haven't? It's a good question, and it's one that we've been probing as part of the preparation of this report to the committee. The funding that's been provided by the Government to the council has been an allocation within their overall funding allocation, and the council thinks that it will be able to deliver the things that it's now committed to within its overall funding. However, there isn't a clear line of sight between a business case and a budget and the funding that the Government has provided. I wonder if you can talk a little bit more about what you know about that. The discussions that we've had with the Scottish Government, as in them being the sponsor department, the chief social work adviser office, as I said, there wasn't a clear business case, but they did have a digital transformation strategy, which I think that a lot of it was based on. There were documentation and proposals prepared throughout the last few years about what that was going to look like and what they were going to implement, but it has changed quite a lot over that time. I think that it was on the basis of the initial documents, but there wasn't really a clear business case setting out exactly what that was going to look like and what the benefits were going to be the costs have changed throughout that time as well and there was never really a clear budget set out. They have had updates on how the project has been progressing, but I think that at quite a high level, and updates on budget as well, but again it's not been against a sort of clear initial budget of what it was going to cost. As things have been added because of things like the shared service being terminated, then the costs have increased as well. I'm sure that you can see where I'm going. It feels, just from reading the report, that the Scottish Government, the oversight of that section of public money, is insufficiently robust and that decisions were made at the council level, which the committee will no doubt explore, but the Scottish Government is not fulfilling its oversight role in saying, are we ensuring that before we authorise anything, before we release funds, there is a sufficient case in place? Would that be a fair conclusion to draw from your report? From the discussions that we had with the Scottish Government at the end of last year when we were preparing the report, it was clear that they had been getting, as I say, high-level updates, but they weren't aware of some of the detail as we started to share the information with them about the risks, the lack of governance, how the project had been managed, they hadn't been looking at it in that level of detail. I think that, to be clear, in this case, we'd agree that there wasn't a sufficient level of clarity about what was intended to be achieved and how much funding was needed to do it, and there wasn't enough reporting back to make sure that it was being delivered as planned. Willie Coffey Thank you very much, convener. I feel as though we're dusting down some of the usual questions in relation to ICT projects, Auditor General, but could you just clarify what caused your intervention here? It seems lucky that this has been caught at a reasonably early stage before we hear the story that we're familiar with in the past. Examples, what brought about this intervention? I think that what you're saying is one of the benefits of there being independent audit of all public bodies in Scotland. Joanna's part of her audit work on the council identified in terms of the expenditure and, particularly, the governance that there was a problem that set out in her annual audit report to the body and to me. I've used my powers under the Public Finance and Accountability Act to draw it to the attention of Parliament. That's the way it's intended to work. Good. Usually, principles for a digital future, do you have any sense that the organisation knew of its existence and were applying it? Doesn't it appear so? I think from discussions with the accountable officer as we were exploring some of the risks that we've highlighted in our annual report, there was an acknowledgement around the report and the digital strategy and the guidance there, but a lack of clarity about how they've then applied that guidance to this project. Does that bring in the question of skills, expertise? I know that other colleagues want to go down that route, but we seem to always arrive back there. Do we have the proper, correct, sufficient skills within these organisations to drive forward projects like this? I mean, it doesn't appear to be a huge project, Auditor General. It's a case management system, an upgrade to Office 365 and building it on their own network. It doesn't sound hugely demanding, but why do you think we've fallen foul even at an early stage here? I think that, as the committee has explored on a number of occasions before, skills are a problem. The scarce in the economy generally, the public sector often struggles to pay enough to attract people against a market that has seen more pay inflation than many parts of the economy have, and small bodies, I think, have a particular problem in that. As I say, we know that the chief information officer has put in place a framework that contains many more checks and oversight of what's happening for projects and the ability to draw on central expertise, but that's tended to be applied to the bigger bodies, the bigger programmes, rather than smaller ones like this. Completely take Mr Beattie's point that four million pounds isn't a small sum of money, but it is small compared to some of the very big IT projects that we're seeing elsewhere, particularly the social security project, which is taking a lot of attention at the moment. I think that the problems that we're aware of at the moment tend to be smaller bodies that don't have the skills and underestimate the investment that's required in making them succeed. Where are we exactly right now with this? Is there a bit of a review going on as to how to set about this type of project and deliver it properly, adopting the standards that many of us are familiar with now having discussed the ICT project at Lameford at the Audit Committee? Where are we exactly now with the delivery of this? There's a number of actions that the council have identified and are taking forward. They expect that the new ICT itself will be implemented for March this year, so the implementation will have happened. One of the things that they are now looking, albeit that it is retrospectively, is around the benefits of that spend and the improvements that's allowed them through the case management system and quantifying those benefits and doing a value-for-money assessment on that. They've committed to reporting that back to council and scrutinising that further. Under we, properly, in your view, that's the assurance that we're perhaps looking for. Yeah, so there was a number of actions and a number of things have already happened, including one of the actions around the sharing of the services and the service level agreement, a revised agreement that's been put in place just now, but they're having another look independently around that service level agreement for the wider shared service that happens between the council and the care inspectorate. So a certain number of actions have taken place and they are committed to doing that further during 18-19, and as part of our audit, we'll ensure that those actions are taking place. Okay, thanks very much. I know that colleagues want to come in as well. Thank you, Mr Coffey. Mr General, were you convinced by the need for a separate system in the first place? I mean, the triple SC and the care inspectorate shared an IT system as my colleagues have explored a little bit, but was there sufficient reason for them to separate them at such high cost? It's very difficult to give a definitive answer to that because of the lack of options appraisal that was done in the first place. I think that the key driver for the separate system from the council's point of view was the need to renew its case management system, which is a core part of the way that it does business. With hindsight, it would have been quite possible to look at whether it was possible to deliver that in a way that was aligned with the care inspectorate's own updating and upgrading of its IT systems. The problem was that the case management system that was purchased wouldn't operate on the network that was run as the shared service, but we now know that the care inspectorate itself has upgraded its IT system, so it was possible, I think, to at least explore the option of moving forward together rather than going off on their own. That option wasn't properly explored in the first place, so it sounds like they've bought a case management system that they thought wasn't compatible with the care commission. It turns out now that it was, but in the meantime they've incurred an expensive £4.12 million, is that right? They bought a case management system without considering whether it was compatible with the network that they shared with the care inspectorate. They then purchased a new network on which it will run, and the care inspectorate in the meantime has refreshed its own IT system, so it would have been possible at the outset to have said, here's what we need to achieve, can we look at how it's possible to do that as part of the shared services, rather than simply deciding to go and deliver their own programme in isolation from the shared service? Is that not real negligence in a public, funded organisation to buy a new piece of equipment that is essential for the work that you do, and not even check out if you've got the ability to use it? It's the MEPL governance, which is why I've reported to the committee today. It is a short report, and it's in the grand scheme of things, a small-ish project, but at the same time, £4.12 million. I've just been making arguments in the chamber about a couple of million to save over 400 jobs, and maybe Joanne Brown's better place to answer that, but given that this is taxpayers' money, do you think that there is sufficient recognition within some of those organisations that those things can't just be signed off without proper investigation, that people work hard to pay those taxes and fund those projects, and so to see £4.12 million to be squandered like this is frankly wrong? Do you think that there's any recognition of that in some of those organisations, Joanne Brown? I suppose from my perspective, speaking about the council, when discussing our annual report and agreeing an action plan, it acknowledged from their perspective that the governance could have been stronger, there could have been greater transparency, there could have been a greater process put in place, and they did acknowledge that. With hindsight, they would have done things very differently, which is obviously difficult, because everybody would do things differently with hindsight. What they embarked on was a case management system that they needed from their business perspective in terms of the registration. Alongside that, there's been other costs incurred, which, as the Auditor General explained, if they'd taken that step back and thought about the governance and had that relationship there with the care inspectorate to have the debate, they might not necessarily have had to move away from the shared service the way they ended up moving away from the shared service. I just wanted to follow on with a couple more general questions to be honest, rather than specifically on this individual case. I think that there are recurring themes from a number of your reports on IT issues in general and also workforce issues, governance and leadership issues. Why are we so poor at IT projects? Has there been an analysis done on why generally—this is not a criticism of any particular government—we are really poor at IT projects? Why are we so poor? I should start off by saying that it's not only the public sector that's poor at IT projects. We have seen, for example, in the financial services sector TSP last year having major problems with their IT. We've seen the same with RBS over the past few years, but I've got no doubt that if you were to break down the reports that I've brought to this committee over the last six years, IT is probably the biggest single category. I think that the issues probably do come back to the questions of skill that Mr Coffey was exploring a moment ago. It's been difficult historically for the Government, for public bodies, to develop the skills that they need in a world where those skills are in demand externally with organisations that can pay higher salaries and where the need to keep on developing people, to keep up to speed in a rapidly changing world is difficult. In response to a number of critical reports from me, the Government has put in place the Office of the Chief Information Officer with a much stronger oversight framework of the big IT projects that are going on. I reported last year, for example, that the starting point for the new social security systems looked for me much stronger than we've seen in the past on things like cap futures in the previous Police Scotland scheme. We're still seeing the benefits of that investment, that stronger grip coming through, but we're also, no doubt, seeing a number of smaller bodies like the Social Services Council not able to access that Scottish Government core expertise because of the size of their projects and not able to develop their own staff and retain them to be able to do it well themselves. It is a challenge, but as well as the questions of waste that the convener was talking about, I'm also concerned about the opportunity cost. Investing in IT and doing it well is both a way of generating efficiencies and providing better services to users and members of the public. We're losing that opportunity to get better value for money as well as in some instances wasting money directly. I'll come back to the skills of individual staff in a moment, but surely for big IT projects like this, less having the skills of your own in-house staff to develop the project is more having the skill to identify the right people to develop the project and deliver it for you? Is that a particularly UK-wide problem that we have in terms of whether in the private sector or the public sector about the ability to reach out and identify the right people to do the IT development project? Is there best practice from other countries, other companies or the public sector bodies across the globe about how they get it right? I don't think that they've got necessarily the right skilled people who are developing the programmes in-house, but what they're probably better at doing is identifying the right people to develop the programme. Is there best practice to learn? I think that there is best practice and the principles for a digital future that Mr Coffey referred to was our attempt to bring that to the attention of public bodies. I think that the problem is that unless the accountable officer or unless the board is thinking about the risks involved, they don't recognise the need to go and buy in that expertise. If your starting point is that what you're doing is upgrading Microsoft Office and replacing your hardware and buying off the shelf a case management system, that sounds, if you're not thinking hard about it, as though it's not too hard. It's when you get into it and start understanding the interactions and complexities that you realise you can't do the things that you were expecting to do without spending more money or starting in a different place. For me, it really is about understanding at the beginning clearly what it is you're looking to do and what the risks are, and that in itself requires a certain level of expertise. Again, if you don't have that expertise in-house, you need to recognise that you need to identify that expertise and get that work done by whoever does have the expertise. Is that something that we're failing to do, just to say, okay, who are the right people to get from externally to come in and consult perhaps or look at that project and tell us what's the right thing to do, rather than making the judgment ourselves? People clearly fail to do that in this case, and you can see in the letter from the Accountable Officer to this committee that they're now doing that. I guess my frustration is that I think in the same way that five years ago, my advice to any new Accountable Officer would be make sure that you understand how your governance and your financial systems work and what your position is. I find it hard to understand how any Accountable Officer cannot think an IT system that's a risky thing. I need to make sure that I've got the advice that I need on it. Consistent? Yeah. And then turning to the leadership governance issues, again, that's something that almost every week, if not every week, is raised in a project relating to health services or education services or anything right across the public sector. We clearly have a challenge in terms of identifying people with the appropriate skills to do the job that we need them to do in the public sector, and it's happening over and over again. I think that there's probably scope for a much wider look from yourself and Audit Scotland of it. What are we doing wrong? Is it that we don't produce the people? Is it that we don't look from the right way? We don't headhunt in the right way? We don't pay them appropriately? We just simply don't have the skills in country. We need to identify elsewhere. There is a whole body of things around identifying the right people to the jobs. Is that work being done in a more holistic way rather than just looking at individual places where we're consistently getting it wrong? I think that we've looked at it in two ways. One is, as you say, case by case where things have gone wrong, and the second is looking across sectors like the NHS and care sector where we know it's getting harder to find the right people. As you say, it's a theme that keeps coming up in our work and we'll explore whether there's more we can do with the resources that we've got and the work that we currently carry out to shine the light on that, because I think that you're right that it's getting increasingly difficult. In this case, I think that there's no question about the quality of leadership of the organisation as a whole, except for this blind spot about IT and the risks that come with it. We're also analysing the merry-go-round that goes round in all these organisations where it's the same people popping up in different places doing a different job. They go somewhere, the last couple of years, they either do an okay job or mess something up and then they go and get an equally well-paid job somewhere else in the public sector. It just looks like a circle of people consistently looking out for each other. Has that been looked at in terms of people repeatedly popping up? I don't think that we've got evidence that that is a widespread pattern. There clearly have been some individual cases where people who are seen to have failed in one job have been moved somewhere else rather than being held accountable for it, but I think that it's not doing justice to the quality of management and leadership across public services in general, some very difficult jobs to characterise it as a cycle of failure of people being moved on rather than dealt with. I recognise that, in some instances, people feel strongly about particular circumstances and that the committee has explored where things have gone wrong, but I don't think that that's a factor in the report that's in front of you today. I have a final question following on from Colin Beattie's questions at the start. What greater role do you think the Scottish Government and the Scottish ministers, or indeed committees, should have in greater oversight of those organisations to try and identify problems much more early so that a positive intervention can take place? As well as the work to develop the Office of the Chief Information Officer, which I think is progressing but prioritising bigger programmes, the other thing that we've discussed a number of times in this committee is the differing quality of the sponsorship role that goes on between the Scottish Government department, in this case the Office of the Chief Social Work Advisor and the bodies that operate within their area of policy and are accountable to them. In some places that clearly works very well, in other cases it looks like it's quite arm's length and, as in this case, not aware of or not probing significant developments. That is something that we're looking at as part of our audit work across the piece to get a sense of where the right balance lies between giving bodies the responsibility to deliver what they're accountable for but also spotting problems early as they start to emerge and dealing with them rather than letting them run on. Your conclusion to the report starts off that the SSSC has fallen short of the expected standards of governance and transparency. That sort of anonymises the issue here a little bit and who on the ground got this wrong that should have got this right? The Accountable Officer is accountable for the operation of any organisation and in this case the Accountable Officer was the person chairing the programme board and obviously the council itself has the board, has a responsibility to see what are the risks facing the organisation and make sure they have the information that they need to monitor how those risks are being managed. So did they have the people in the organisation that could do this or should have been able to do this? To do the delivery of the programme. I would say not, as I said in answer to an earlier question, I think that failing was in identifying the risks and making sure they were being managed appropriately. Now there was reference to the private sector and examples there and normally if something like that happens in the private sector there would be consequences. Have there been consequences for individuals here? So far I think that the consequences are the report to this committee which brings to Parliament's attention the things that have gone wrong in this case. They have not done anything themselves to deal with people who have not done their job. Joe, is there anything that you would like to add to the council's oversight of this programme? I think that in terms of the council oversight of the programme that has now increased in terms of the governance and the awareness around it, as a result obviously of this report and being in front of this committee. There are now regular updates on the ICT programme to council which went there before, but other than that, no. Just finally, I see in paragraph 14 you taunt me again with the fourth replacement crossing, a project that opened and then closed the next day. Is that how you would like to see ICT projects run? No, Mr Bowman. I know that we disagree on this and I have recognised both in my report and in front of this committee that there continues to be work to finalise the fourth replacement crossing. I hope that my report showed quite clearly that on the large scale, the extent to which it was delivered to time and budget was quite unusual for large infrastructure projects internationally. I hope that it will soon stop being convenient. I hope that it will soon stop being convenient. I hope that it will soon stop being convenient. I hope that it will soon stop being convenient. Liam Kerr. Just some clarity for my Auditor General. I think that you said that the Accountable Officer in response to Bill Bowman, I think that you were saying that the Accountable Officer has fallen short here. I am slightly putting words in your mouth. I appreciate that. Is the Accountable Officer the chief executive? Yes. Is it the same chief executive that is there right now that was there when all those decisions were being made? There has been a change of chief executive over recent times. Given the complexity of the timeline that we set out in the report, I will ask Joe to clarify when that change took place. So there was a change to the chief executive. The chief executive previously left the organisation in April. At that point, the council appointed an interim chief executive, which was a director within the council. That then became the permanent chief executive in August this year. Last year? Yes, last year. Sorry. I shall work clear. Picking up on Anna Sarwar's point, where did the former chief executive go just out of interest? She is now, I think, the chief executive of the Scottish Council for Voluntary Organisations was recruited outside the public sector to that role. Again, just to come back to Bill Bowman's point, the Accountable Officer, I would like to just lift the corporate veil, because I see exactly where Bill Bowman is going. Who has fallen short here? On whose shoulders does this responsibility rest? I will leave it there. On whose shoulders? I said to this committee before that there is no doubt that, in formal terms, the Accountable Officer of any organisation is accountable for the performance of their organisation, for making sure of value for money and for making sure that they meet the standards of governance that are expected of them. Now, as this committee is probed in some detail in other cases, that does not mean that they do everything themselves, but they are accountable for it, and that is the nature of the role. Final question for me, just a slightly different line from where Bill Bowman was going, but in paragraph 14 you do talk about the good guidance that you have published. Are you aware of whether the SSSC were aware of all the guidance and the tools that your own department has provided to help people to do such a thing? If they were not aware, why not? In terms of awareness, from conversations with the Accountable Officer, they would note awareness with all the guidance. They would also note, in terms of the tools, some of the checklists that were there, that they did not use those checklists. That is a learning for them in terms of how they have managed and governed that project and applying the lessons learned from other projects. While they had a general awareness, they did not match that guidance to that specific ICT project. Do members have any further points for those who are general and her team? I thank you very much indeed for your evidence this morning. Before I close the public part of the meeting, I would also like to put on record that we have Alex Neil's apologies for this morning's meeting. I now close the public session.