The Department for Environment, Food and Rural Affairs (Defra) has updated what it claims to be 180 critical legacy applications.
In May 2023, the Public Accounts Committee (PAC) warned that the department had no clear plan to replace or modernise legacy systems.
In the Tackling Defra’s ageing digital services PAC report, Defra told the PAC it had already migrated away from 30 legacy systems onto modern alternatives. Between 2021 and 2025, the department has budgeted £726m on IT modernisation.
A more recent report from the National Audit Office (NAO), published in December 2023, noted that funding for digital investment for the period 2022 to 2023 and 2024 to 2025 was at £871m. But the department’s plans to update its IT runs over 10 years, covering 1962 applications.
Responding to a parliamentary question covering issues raised in the PAC report looking at Defra’s legacy IT, Mark Spencer, minister of state for Defra, said: “We continue to invest in replacing legacy IT systems, both through the dedicated upgrade programmes and through major programme deliveries.”
He said Defra’s Legacy Application Programme addresses technical debt. This includes exiting from old datacentres, removing obsolescence, bringing applications into mainstream support and improving their security posture.
“Over 180 applications have had their most critical legacy technology addressed through this programme,” said Spencer. “We are addressing legacy technology in other applications through digital transformation and policy programmes where this provides a better-coordinated approach.”
But given the scale of the task ahead, the NAO report noted that 30% of Defra’s applications were not supported by their supplier in July 2022, and that years of low investment in IT has led to a situation where there is a serious risk of critical failure or cyber attack.
In the report, the NAO warned that along with the large number of applications that require modernisation, Defra runs numerous databases and spreadsheets that have been developed locally outside the mainstream technology function. It said that while Defra does not know the full extent of these, it has allocated funding to investigate sources of grey IT and begin addressing those that present the highest risk.
Although the NAO looked specifically at Defra, it has also warned that while government departments need capital funding to build new digital services, they also need sufficient resource funding to maintain them.
“The comparative ease of getting capital funding compared with resource funding can lead to departments providing digital services without funding for maintenance costs, which they often omit from their business cases,” it warned.
As departments increasingly use cloud hosting, the NAO pointed out that new financial and operating models which involve more flexible approaches such as “pay as you go” require a shift away from capital resource expenditure.
In January, Gareth Davies, head of the National Audit Office, called for improvements in government IT procurement as part of a wider supplier management effort.