Six critical systems, four months to Brexit – and no completed testing
Defra concedes end-to-end testing can throw up challenges as MPs shout into the void
The UK's food and farming department has yet to test six critical IT systems ahead of Brexit and may have to rely on manual workarounds or "unsophisticated" tech, MPs have warned.
As the UK creeps ever closer to 29 March, 2019, when it is due to leave the European Union, reports of unreadiness are rolling in thick and fast.
The latest missive from the Public Accounts Committee relates to the Department for Environment, Food and Rural Affairs, which is responsible for 55 of the 219 Brexit-related plans, of which almost half have an IT element.
Broadly, the report concluded that Defra is still facing an "enormous" challenge and risks losing sight of its priorities, with insufficient Brexit border planning and time running out.
On its approach to IT systems, the MPs said the department has taken a "pragmatic" approach by prioritising the most essential work and opting for basic functionality in the short term while leaving building the full systems for the future.
But it sounded a warning about the fact the six critical IT systems have yet to be fully tested, with Defra itself admitting the work could throw up challenging problems.
In particular, the committee said it was concerned that testing is due to start on the systems simultaneously in January 2019, saying "so much concurrent critical testing activity" leaves "little time to resolve issues that arise".
The thing that keeps me awake at night is the fact that we cannot know until we have gone through this process what we will find...
According to Defra, the most complex of the systems – for notifications to manage food imports after the UK leaves the EU – is "proceeding well".
However, execs conceded it is impossible to know what will happen after end-to-end testing – due to take place in January and February – when it will see whether the three components of the system work together.
"End-to-end testing is a classic area for IT systems where, even if all the component parts work absolutely fine, it is not until you put the whole thing together and do the end-to-end testing that you find there are some issues. It is almost unheard of to do end-to-end testing without finding new issues," Defra permanent secretary Clare Moriarty told the committee in October (PDF).
"At the macro level, the thing that keeps me awake at night is the fact that we cannot know until we have gone through this process what we will find. Working to a fixed deadline and the huge scale and complexity of the projects mean we are carrying high risk."
Similarly, Defra told the committee it was "confident" its replacement for the EU's TRACES (trade control and export system) for border control would be ready in time for a no-deal scenario in March 2019 – but that it can't predict what issues will arise during testing.
In other areas, the department is focusing on delivering basic functionality, for instance in its replacement of the REACH system, which governs manufacture, import, supply and use of chemicals and took the EU 14 years to develop.
The committee described the UK's as an "unsophisticated" contingency system that aims to ensure it meets the basic needs of the industry and can operate at scale, with better functionality planned for long-term development.
Data flows post-Brexit: 'Leave it to government to make sure you've got a smooth run in.' Er, OKREAD MORE
Meanwhile, in common with other departments trying to get ready for Brexit, there are concerns about engagement that means industry, especially small businesses, are "unaware and ill-prepared".
This is partly because secrecy around negotiations and a lack of predictability means the departments don't know what advice to give.
Defra has said that guidance and training on how to use the new IT systems would be shared "very shortly", but as the PAC pointed out, it's pretty hard to tell someone how to use a system that hasn't been tested.
"It has been difficult to inform stakeholders how to use IT systems that have not yet been fully developed," the report said.
The MPs called on the department to provide an update on the critical IT projects by the end of December this year, and issue further details on the results of testing in January. ®
Sponsored: Becoming a Pragmatic Security Leader