The head of the department with primary responsibility for the Public Services Card project has agreed that it would have been “preferable” if a full business case had been prepared for it at its inception.
One of the chief brickbats used to assail the PSC has been the fact that no encompassing business case was ever prepared for the controversial project.
Writing to the Public Accounts Committee (PAC), before which he will be appearing this Thursday, secretary-general of the Department of Employment Affairs and Social Protection, John McKeon, acknowledged that “there is no single business case document relating to the development of the SAFE identity authentication process of the PSC”.
He said that “while I agree that it would be preferable if such a document did exist”, he also believes “it is important to stress that, as discussed in the meeting in 2016, the absence of a single document did not, and does not mean that the project was not properly or coherently planned or authorised”.
Appearing before the PAC in late September alongside the Data Protection Commissioner, Comptroller and Auditor General, Seamus McCarthy, said that the fact the PSC had no business case “just makes it much more difficult to manage a project in a value-for-money way”.
Mr McKeon told the PAC that Mr McCarthy had found, when reviewing the PSC project in 2016, that “17 out of 19 identified elements of a good practice business case were, in fact, in place”.
However, of those 17 elements, five were deemed by the C&AG to be only partially, as opposed to comprehensively, covered.
Mr McCarthy told the PAC that, in the documents reviewed by his agency with regard to the card, “there were pieces of what was being attempted in various documents, and there were probably contradictions in some of those”.
Mr McKeon, in his letter, added that much of the costs attributed to the PSC need to be “considered in the context of the counterfactual costs” that would have been incurred had the card never been introduced.
He said that “the costs that the Department would have incurred, if the pre-existing processes had been retained, are conservatively estimated at some €30m”.
The Department recently said that the costs-to-date of the project now stand at some €67.8m, meaning that the real-world costs applicable to the PSC are, in Mr McKeon’s words, “at most in the order of €37m”.
Meanwhile, the Office of the Data Protection Commissioner (DPC) has said that the cost of its initial investigation into the PSC was €194,000.
In reply to a number of questions posed at its PAC appearance, the DPC said that figure was split between internal costs of €127,413 and external costs of €66,348.
A further investigation into the alleged biometric nature of the card has also been conducted, the results of which are expected to be known before the end of this year.