European Commission should apply lessons learnt from its development of Schengen Info System to avoid similar delays and overspending on future IT projects - say EU Auditors

20 May 2014 12:00 PM

A report published today by the European Court of Auditors (ECA) states that the Commission delivered the second generation Schengen Information System (SIS II) over six years later than initially planned and at eight times the initial budget estimate. The delays and overspending occurred due to weaknesses in the Commission’s management in a challenging governance context.

The Schengen Information System (SIS) is used by border guards, police, customs, visa and judicial authorities throughout the Schengen Area. It contains information (alerts) on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons and lost or stolen property, such as banknotes, vehicles, firearms and identity documents. Alerts are entered in the system by national authorities

“In 2001, the EU Council charged the Commission with the development of a new version of the Schengen Information System,” stated Mr Pietro Russo, the ECA Member responsible for the report, “However, the initial deadline was unrealistic and the Commission did not at first allocate sufficient staff with the expertise to the project. Therefore the Commission was able to manage the main development contract effectively only from 2009. In addition, the Commission did not sufficiently draw on the experience of end-users and system requirements changed during the first part of the project.”

The initial indicative estimates of the costs to the EU budget for the central system significantly underestimated the true scale of the investment necessary. The full cost of SIS II amounted to € 189 million for the central system to which should be added an estimate of over € 330 million for national systems. At the same time, the main benefit initially expected from SIS II became less relevant with the successful extension of SIS 1 to new member countries. In the light of these major changes to the costs and expected benefits, the Commission did not demonstrate that SIS II fully provided the best value for money for the organisation.

However, the Commission did learn lessons from its experience during the first part of the project, enabling it to change its approach during the final project phase from 2010 and deliver SIS II in April 2013. In addition, it has already applied some lessons from SIS II in preparing other large-scale IT projects.

Notes to the editors:

European Court of Auditors (ECA) special reports are published throughout the year, presenting the results of selected audits of specific EU budgetary areas or management topics.

This special report (No 3/2014) entitled “Lessons from the European Commission’s development of the second generation Schengen Information System (SIS II)”, examined why the Commission delivered SIS II over six years later than planned and at a cost far exceeding the initial estimates. It also examined whether there was a robust business case for SIS II throughout the project, which took into account major changes to the costs and expected benefits. In addition, the EU auditors assessed whether the Commission had learnt and applied lessons from its management of the project.

The EU auditors found that the delay and overspend resulted from deficiencies in the Commission’s management in a challenging governance context, particularly during the first part of the project up until 2009. Despite major changes to the costs and expected benefits during the project, the Commission did not reassess the business case in order to demonstrate that SIS II remained an organisational priority which provided a higher return on investment than other opportunities. There was no decision, based on a reassessment of costs and benefits, on whether to continue with, or stop, the project. The Commission learnt lessons from its experience during the first part of the project in order to change its approach during the final project phase from 2010 and to deliver SIS II in April 2013.

Based on its findings, the ECA recommended that, when managing the development of large-scale IT systems, the Commission should:

• base the timetable on a technical analysis of the tasks to be performed;

• ensure that all projects are integrated into corporate IT governance arrangements and make full use of in-house expertise to manage the work of contractors effectively;

• ensure that business needs and the views of end users are sufficiently taken into account in decision-making;

• ensure the approval of the business case before progressing from project initiation to project planning and its reapproval in the event of major changes to project costs, expected benefits, risks or alternatives;

• ensure that key project decisions are documented in a decision log so that they are easily traceable;

• ensure that there is effective global coordination when a project requires the development of different but dependent systems by different stakeholders;

• develop large-scale IT systems using interoperable building blocks which can easily be re-used to prevent being locked-in to a single contractor; and

• pass on the lessons learnt from the Court’s audit to DGs and EU institutions, agencies and other bodies. The Commission should evaluate whether the expected benefits of SIS II were achieved.

A short video interview with the ECA Member responsible for the report is available at: https://www.youtube.com/user/EUAuditorsECA