Cross-government and public administration

Managing the risks of legacy ICT to public service delivery

Older ICT systems critical for the delivery of key public services (‘legacy ICT’) expose departments to risks which must be understood and managed.

Green text on computer screen

“Legacy systems are a fact of life for most significant ICT users. The challenge is how intelligently they are managed, whether they are being retained, updated, replaced or phased out. The aim is to balance the costs of these options against the limitations and risks to ICT capability they can present, in a way that makes sense for the user and secures best public value. Performance in the public sector is patchy.”

Amyas Morse, head of the National Audit Office, 11 September 2013


Older ICT systems that are critical for the delivery of key public services (‘legacy ICT’) expose departments to risks which must be understood and managed, according to the National Audit Office. A particular risk is that departments dependent on legacy ICT will find it more challenging to achieve the business transformation envisaged by the Government in its digital strategy.

A report today by the spending watchdog estimates that, in 2011-12, at least £480 billion of the government’s operating revenues and at least £210 billion of non-staff expenditure such as pensions and entitlements were reliant to some extent on legacy ICT. Good practice in managing legacy ICT as an integrated part of public service delivery is therefore crucial to maintaining the performance of these services.

The reliance of government on legacy ICT is highlighted by the NAO in a number of case studies. In 2011-12, the DWP legacy ICT system paid out £84.3 billion of state pension and associated benefits, and the HMRC systems administered £99.6 billion of VAT receipts (net of repayments). This makes them of considerable significance and their failure would potentially endanger the payment of pensions and benefits and the collection of revenues.

However, both of these systems have been successfully adapted, were well-managed, and provided stable platforms, with availability typically above target and few technical problems.

Organizations that apply a strategy of not changing their legacy ICT can quickly develop inefficiencies. OFT’s consumer credit ICT system has had a number of faults since implementation and has quickly developed the characteristics of legacy ICT. From April 2014, OFT will cease to exist which has led to uncertainty about the future of the legacy ICT system. OFT was therefore constrained in investing in its legacy ICT and had little choice but to apply a ‘no change’ strategy.

The common risks seen by the NAO in its case studies include a higher vulnerability of legacy ICT to security problems; being locked in to uncompetitive support arrangements with a single supplier; a shortage of skills to maintain and support legacy ICT; the proliferation of manual processes as legacy ICT systems have to cope with changing business needs; the cost of new business processes to compensate for missing functionality in the legacy ICT system; and increased complexity caused by additional interfaces with other systems, driving up costs.


Publication details:

ISBN: 978102986150 [Buy from TSO]

HC: 539, 2013-2014

Share this content

NAOdirect email alerts

Get notified by email of publications, news, events and other updates:

cookie reports - The National Audit Office Cookie Policy
This site uses cookies - click here to view our cookies policy