COMMITTEE OF PUBLIC ACCOUNTS debate -
Thursday, 20 Nov 2003

Witnesses should be aware that they do not enjoy absolute privilege. As and from 2 August 1998, section 10 of the Committees of the Houses of the Oireachtas (Compellability, Privileges and Immunities of Witnesses) Act 1997 granted certain rights to persons who are identified in the course of the committee's proceedings. Those rights include the right to give evidence, to produce or send documents to the committee, to appear before the committee either in person or through a representative, to make a written and oral submission, to request the committee to direct the attendance of witnesses and the production of documents and the right to cross-examine witnesses. For the most part, those rights can be exercised only with the consent of the committee. Persons being invited before the committee are made aware of those rights and any person identified in the course of proceedings who is not present may have to be made aware of them and provided with the transcript of the relevant part of the committee's proceedings if the committee considers it appropriate in the interest of justice.

Notwithstanding that provision in legislation, I remind members of the long-standing parliamentary practice to the effect that members should not comment on, criticise or make charges against a person outside the House or an official either by name or in such a way as to make him or her identifiable. Members are also reminded of the provision under Standing Order 156 that the committee shall refrain from inquiring into the merits of a policy or policies of the Government or a Minister of the Government or the merits of the objectives of such policies.

I invite Mr. Hynes to introduce his officials.

Chapter 12.1 of the Report of the Comptroller and Auditor Generalreads:

12.1 Reckoning of Pre-1953 Contributions for the Old Age (Contributory) Pension

Introduction

Prior to the introduction of this special pension scheme, contributions paid prior to 1953 could only be used to satisfy two of the three qualifying conditions for the Old Age (Contributory) Pension (OACP) i.e. that a person must have entered insurance 10 years before pension age and have at least 156 social insurance contributions paid since first entering insurance. Pre-1953 contributions could not be used for the third qualifying condition i.e. yearly average of contributions.

Contributions paid by insured persons prior to 1953 did not contain a pensions element. This continued to be the case until 1961 when the pension element was introduced at the same time as the introduction of the OACP. However, contributions made under the unified system of social insurance, introduced in 1953, were fully recognised for pension purposes from the outset. The Minister for Social, Community and Family Affairs introduced a special OACP from 5 May 2000 for people with pre-1953 contributions who otherwise might not qualify for a pension or only for a reduced pension (Social Welfare Act 2000, Part V, 16).

The new arrangement allows people who commenced insurable employment before 1953 and who had at least five years paid insurance comprising either pre-1953 contributions or a combination of pre and post-1953 contributions to qualify for a pension. To qualify a person must be aged 66 or over and have a total of 260 full rate social insurance contributions paid, at least one of which must have been paid prior to 1953. In determining how pre-1953 contributions are reckoned, each 2 contributions paid count as 3 so if all contributions are paid prior to 1953 a person can qualify for the pension with 173 paid contributions.

The pension payable is currently €78.75 per week - 50% of the maximum weekly personal rate of the normal OACP. Additions for adults and child dependants, where applicable, are also payable at 50%.

Estimating the Cost of the Scheme

The Department of Social and Family Affairs had identified two groups of people who entered social insurance before 1953 as likely to benefit from the amended qualification:

People in receipt of a pension at rates less than the half rate pension

People not currently in receipt of another social welfare pension including applicants previously found not to qualify and people who had never previously applied for a pension.

The Department estimated that 3,000 people would qualify for the new payment at a full year cost of €8.9 million and a cost of €6.7 million in 2000 when seeking Department of Finance approval for the scheme. The overall claim load was expected to be 5,000.

The Department's calculations were based on the fact that approximately 36,000 applications for the pension had been rejected since 1988. No statistics were available for reject cases prior to that date. Of the 36,000 cases rejected, 29,500 had no date of entry into social insurance recorded and 3,400 had a date of entry recorded as pre-1953. The Department had estimated that a further 10,000 persons were in receipt of EU/or Bilateral Agreement pro-rata pensions from the Department. Many were paid at less than half the maximum rate. This process gave the Department a total of almost 42,900 people with a potential entitlement under the new qualification discounting the unknown numbers refused pension prior to 1988. The Department estimated an administration cost of approximately €760,000 (extra staff, overtime, etc) to:

Identify cases with a date of entry into insurance prior to 1953

Ascertain the total number of contributions paid in these cases

Determine if the person was still living.

Initial Take-up of Scheme

About 2,700 claims were received before the scheme was advertised in the national and provincial papers in late June 2000.

At the end of December 2000, the Department had received 11,669 claims for the new pension. It had also identified 13,500 pro-rata pensioners who might qualify for the new pension at a higher rate than their existing pension. The outcome of the Department's processing of both groups at end December 2000 is shown in Table

Table 12.1 Scheme Activity for period 5 May 2000 to 31 December 2000

The annual cost of the 10,877 cases awarded the pension in 2000 was €33.4 million. The additional cost of the 484 cases found to be qualified for the standard pension was €1.8 million.

UK Applicants

Media coverage of the new scheme in November 2000 generated an increase in the number of applicants. The Department started to receive a significant number of applications from United Kingdom (UK) residents who accounted for over 40% of all applications at the end of the year. The Department advised UK applicants to submit claims through their local Department of Social Services (DSS) office in the UK - the standard arrangement under EU regulations.

In February 2001 the DSS Overseas Branch notified the Department that it had received around 2,000 Pre-1953 claims over the previous month. The Department had been under pressure since late 2000 from Irish societies in the UK and the Irish Embassy to have an advertising campaign in the UK. The Department was initially opposed to such a campaign, as it wanted to clear the existing backlog of cases on hand. The Federation of Irish Societies in the UK organised a series of presentations and workshops and Pre-1953 awareness Road Shows in early 2001 and, by May 2001, 2,258 out of the 2,947 new Pre-1953 claims unprocessed with the Department, were from persons resident outside the State.

In July 2001 the Department launched an advertising campaign in a number of UK daily newspapers that were considered to have wide circulation in the elderly Irish community and in two weekly Irish interest papers. Officials from the Pension Services Office (PSO) and the Department's Information Section attended seminars held in tandem with the newspaper campaign by the UK Irish societies in London, Manchester, Leeds and Birmingham.

Administrative Difficulties

The administrative problems caused by the number of unforeseen applications were exacerbated by the fact that processing individual claims was tedious and time consuming because of the necessity to trace social insurance and/or employment details which were over 50 years old and predated the Departments computerised record system. Significant overtime had to be worked in the Client Data Services Index section responsible for tracing old insurance numbers.

The Department calculated that at least one third of people rejected for the pension appealed the decision. In May 2002 the Department had 783 appeals on hand which could be broken down into two categories:

723 cases that required the issue of a clarification letter

60 cases that had been referred to the Appeals Officer.

People appealed mainly because no insurance number could be found for them, no complete insurance record existed or they were ex-public servants who felt they had not been treated fairly. Appeal cases were tortuous and required a check on all variations of the persons name and the county in which their mployment was registered. Many applicants had more than one insurance number as it was found that people were given a new insurance number if they changed job.

Current Take-Up and Back Log

Table 12.2 shows the take up of the scheme at August 2003.

Table 12.2

Claims for pre-1953 pensions are currently being received at a rate of 60 per week. Over and above the backlog of unprocessed claims and the current intake, there is still a considerable amount of associated work to be carried out.

There are 3,000 claims for examination for entitlement to an EU pro-rata pension. These are in respect of people who did not qualify for the standard pre-1953 pension and were passed to the EU area for review.

In addition, there are 2,840 cases with a pre-1953 pension that might have a possible entitlement to an EU pro-rata pension prior to May 2000. There are a further 2,420 pro-rata cases where entitlement may be affected by changes in the banding of rates introduced in Budget 1999.

Data provided by the Department indicates that 50% of claims awarded are from the UK as against 37% from Ireland. 7% of claims are from the USA, while Canada and Australia account for 3% and 2% respectively.

Actual Cost of the Scheme

The pre-1953 pension scheme was estimated to cost €6.7million in 2000 and €8.9million for a full year.

Table 12.3 gives details of scheme expenditure for the period 2000 to 2002.

Table 12.3 Pre-1953 pension expenditure 2000-2002

The cost of the additional administrative arrangements put in place to cope with the workload amounted to €1.6m.

As the Department completely underestimated the cost and scale of the scheme, I sought the views of the Accounting Officer.

Accounting Officer's Response

The estimates of the cost of the scheme were derived from an analysis of previous claims to pensions that had been rejected on the basis of insufficient contributions. While it was originally estimated that 6,000 to 11,000 people could benefit under the proposal, this was reduced to 3,000 based on experience of take up of previous pension proposals where the costs had been overestimated. On this basis, the full year cost was estimated at €8.9m.

The reason for the underestimate was, essentially, that the Department did not anticipate the influx of claims for the pre-1953 pension from persons resident abroad. While the estimates that were made did anticipate that some persons from abroad would qualify, the actual numbers involved were seriously underestimated.

The Department is frequently required to estimate the costs of policy proposals and its record in this regard is a good one and this has been recognised by the Department of Finance. The experience in this case was highly unusual.

The unexpected high take-up rate from abroad was influenced by a major campaign by groups working on behalf of people living in certain centres of Irish population in the UK to raise awareness of this particular scheme together with the information campaign undertaken by the Department itself.

Estimating costs in cases like this involves the use of data from the Departments records system. In the case of pre-1953 insurance records, which are held on microfilm, the data are in some cases incomplete and need to be supplemented from other sources. The problem is lack of quality data rather than lack of expertise. The level of expertise in the Department is high and has been supplemented by the recent secondment of a statistician from the CSO. The Department also employs independent actuarial advice from time to time in costing proposals.

It is always difficult to estimate costs where comprehensive data are not available. The Department is conscious that the underestimation, which occurred in this case, had serious implications for expenditure on the Departments programmes and has emphasised the need to question in the most thorough fashion the costing of any expenditure proposals, which arise.

The Department will take on board the specific lessons of this project in estimating the costs of similar proposals in the future.

Chapter 12.1 draws attention to a serious underestimation by the Department of the cost of the scheme introduced by the Social Welfare Act 2000 to give greater recognition to social insurance contributions paid prior to 1953 for the purpose of entitlement to contributory old age pension.

The year 1953 is something of a watershed in social welfare terms with the introduction of a new social insurance regime. That year has invariably had a significance in reckoning contributions prior to that when calculating benefits.

The proposal to change the law to provide for the granting of a special contributory pension for certain people with pre-1953 contributions was made as part of a package of social welfare improvements put forward by the Department in a memorandum to Government in February 2000. The estimated full year cost of the proposal set out in the memorandum was €8.9 million. This figure was computed on the basis of 3,000 successful claims being made. As we see from the report, this turned out to be very wide of the mark. By August this year, over 28,000 awards have been made with some claims still to be processed. In 2002, the full year costs had risen to €113 million, although I should say that this includes an element of one-off arrears. Nevertheless current indications are that the recurring annual cost of the scheme works out at about €100 million more than was estimated.

Clearly this places a big question mark over the Department's estimation procedures. I put this to the Accounting Officer. In reply, he stated that this was an aberration when set against the Department's good record in this regard and was largely attributable to two factors. First, the poor quality of the pre-1953 contribution records and, second, the unexpectedly high take-up rate from abroad, particularly from the UK where a major awareness campaign was undertaken. He assured me that the Department would take on board the specific lessons of this project in estimating the costs of similar proposals in future.

As I said on a number of occasions before the committee, the orderly management of the public finances requires accurate costing of expenditure proposals. Had the Government been aware of the magnitude of the cost implications it might have responded differently to the proposal before it.

I thank the Chairman for the opportunity to address the committee. I will make a few general comments, which I hope will help the committee's discussion. The Department is responsible for the expenditure of more than €10.2 billion in 2003. We have in the region of 940,000 claimants and almost 1.5 million beneficiaries across the full range of social welfare schemes.

The Department is heavily reliant on information technology for the delivery and control of schemes. However, many of our processes are not computerised and the Department still relies to a considerable extent on paper-based processes for the processing of claims.

In recent years, the Department has begun a significant programme of change in the way we do our business. This involves significant investment in new IT systems and a programme of organisational change designed to ensure that we are able to deliver a modern and efficient service to our customers.

The first implementation of the new approach or new service delivery model has been delivered in a new system of automated processing of child benefit claims and payments. With electronic transfer of new birth registration data to the Department from the General Register Office, in future child benefit claims will be dealt with more quickly and efficiently. The new system will be rolled out to other scheme areas over the next few years. The Department is also heavily involved in the development of better and more co-ordinated delivery of services across the public service through the REACH project and through involvement in the implementation of the e-government agenda generally.

The underlying objective in the modernisation programme is to enable the Department to improve the quality of service which we can give to our customers, their representatives and the Government and give the Department a greater level of flexibility to respond to changing requirements. It should also address the delays which are a feature of the system at present. As well as the responsibility for the delivery and control of social welfare schemes, the Department is also responsible for the development of budgetary and financial projections of expenditure and the development of policy proposals related to the various schemes, including their costings.

Generally speaking, the Department has a good record in this regard. In the particular case of the special pension scheme for pre-1953 contributors, however, it is the subject of one of the paragraphs in the Comptroller and Auditor General's report. The costings which were made were, as the report notes, underestimated. This has been embarrassing for the Department. With the Chairman's permission, I would like to make some general comments in addition to those specifically made in the report.

Estimating costs into the future depends crucially on the quality of the data available upon which to base the costings. The data available from pre-1953 contribution records is deficient, of poor quality and can be difficult to read. This means that the tracing of records in order to process claims for the pre-1953 pension has been a slow process. It also means that the data could not be used in any meaningful way to estimate the costs of the pension prior to its introduction.

Effectively, the only data available for costing purposes, was that on people who had previously applied for pensions and had failed to satisfy the standard contribution conditions. The estimate was built around this group. In the event, more of these applied than was anticipated by the Department and it also emerged that large numbers of people who had not previously applied for pensions or been in touch with the Department had contributions prior to 1953 which qualified them for the new pension. A large proportion of these are resident abroad, mainly in the UK. In hindsight, it is clear greater allowance should have been made for this possibility. However, at the time this was not viewed as a factor which was likely to affect the costs to the extent it did. The Department was concerned at the time about the difficulty of estimating the numbers likely to qualify. However, at short notice we had to come up with an estimate for budget purposes. It is a matter of regret that the costings given to the Government were well underestimated.

The main consequences of this underestimate was that the Government was not fully aware of the financial consequences of the decision to introduce this pension scheme. The scheme is financed from the social insurance fund and the effect of the underestimation was to reduce the surplus in the fund below what it would have otherwise been. The scheme will not have a permanent effect on social welfare expenditure in that it applies to a specific category of people only.

I am satisfied that the circumstances which gave rise to the serious level of underestimation in this case were unique. An occurrence of this kind indicates the difficulties which are involved in the estimation process where reliable data is not available. In these circumstances, the Department has to make the best use of the information available and exercise a considered judgment on the matter. The experience of this case will make the Department more wary in exercising such judgments in future.

As I said, we based our estimate on the experience of people who had applied for a pension already. The fact that to qualify for the standard pension, the average contributions required at this stage is only ten. Therefore, the feeling in the Department was that there would not be a huge number of additional people who would qualify for this pension and were not already in the pension system. That is where the error arose. We did not allow for the fact that a large number of people, who were not resident in the country, had records going back pre-1953 and qualified in the event.

In hindsight, it is easy to see that this was a major factor in the underestimation of the costs. However, at the time it did not occur to the people making the costings.

We looked at those claims separately. The assumption was that people in that situation might have already been in receipt of a pension because the constitutional provisions for the pension are relatively easy to achieve for the standard pension. One only needs to have had an average of ten contributions over one's insured lifetime. There was a feeling that people may have been in receipt of pensions and, therefore, not qualify for the new pension.

No. This is a social insurance pension scheme and the fund comes from the social insurance fund. The fund has been in surplus since 1997, therefore, the effect of the underestimate and the additional expenditure was to reduce the surplus in the social insurance fund below what it would otherwise have been. Therefore, it was not a question of necessarily diverting funding from elsewhere. Nevertheless, in making its decision, the Government was not aware of the full costs of this scheme. Therefore, it is difficult to say in hindsight what the decision would have been if it had been.

I have read the Comptroller and Auditor General's report and Mr. Hynes's opening statement. Everyone agrees this underestimation is unique. From the spirit of the report and the statement, I take it that the Department has learned from this experience.

It would have been impossible to give an accurate assessment, given that the Department was given only a few weeks in advance of the budget. Therefore, given the previous track record of the Department on estimating costs, this is unique. I am not here to attach any blame to anyone on this occasion. This section of the report must be looked at differently from others and I would not like anyone to draw a comparison between this and the underestimation in regard to medical cards. The majority of claimants in this case left Ireland more than 50 years ago. The majority of people underestimated for medical cards are alive and well in Ireland. Therefore, it would be unfair to compare the two. What the Department was asked to do here was unique.

The comparison I was making was with the methodology and the accuracy of information on a database. That is the point I wanted clarified. The comparison with the underestimation of medical cards was that the mechanism and the methodology of having the data on file was unavailable in that case. This is a similar situation in that the Department based its work on false facts. Both schemes were introduced based on information containing incorrect figures. Is that not correct, Mr. Hynes?

I take the Chairman's point but I disagree. We will have to agree to disagree on this. I see no comparison between that and the job this Department was asked to do, trying to come up at short notice with an estimate of the number of people who might claim a pension, the majority of whom had left Ireland 50 years ago. Given, in addition, that many of these old records were very difficult to read, there is no comparison between that task and the task of the Department of Health and Children in estimating the numbers of people currently known to be alive and well in the country. It should have been much easier to calculate the figures in the medical cards case. I reiterate that the task of the Department of Social and Family Affairs was an impossible one. I do not think anybody could have provided an accurate estimate. It has only been possible to estimate these figures accurately with the benefit of hindsight. We can agree to disagree, but that is my observation. The Department was given a few weeks notice to come up with figures. It was impossible to do it at the time and, in hindsight, it was impossible to have expected the Department to have done it. While we are not dealing with the merits of the decision, it is clear it was decided to give pensions to these people. We all would say that was a laudable objective.

To further underline the point, according to table 12.1 on page 152 of the Comptroller and Auditor General's report, the Department received 11,669 new applications the first year, between May and 31 December 2000, and at the end of that year over half of them were still not processed. I can understand that they were not processed because the Department was trying to find and establish records. Most Deputies would have direct experience of this scheme. We have had to contact the Department on behalf of people verifying their birth certificates. In fact, some people do not have birth certificates. Some have difficulty verifying their place of birth because they were born in their homes or in their granny's home. Many were not born in hospitals and the record of their births is difficult to attain. Some people are not sure of the name of the person who employed them before they emigrated to England years ago. Some worked for a farmer or in a shop, which is no longer there or which was bought by someone else, etc.

It is a tribute to the Department that it has been able to process over 28,000 records of applications of these people in the two-and-a-half-year period concerned, and to validate and pay them accordingly. Of course, I accept it is a far higher bill than we ever had anticipated but that is the nature of introducing a social welfare scheme. If more people apply for it and they are entitled to avail of the scheme once it is introduced, then they are entitled to get their entitlement. I want to give credit to the Department for processing the records, many of which were over 50 years old. It was a difficult task.

The report interested me but I do not have a problem with it because I have never before encountered a scheme which involved going back over records which were 50 years old. The problems were unique. The Comptroller and Auditor General said so and the Department recognised that was the case. The Department has learnt lessons. No doubt the 28,000 people in receipt of this pension are very grateful to have it.

I have no quibble at all with the Department. My only quibble is that it was given such a short time to try to come up with a figure. I do not blame the Department of Finance for accepting the Department's figures in good faith at that time. If the Department had two and a half years to estimate a figure, as it had to implement the applications, of course it would have come up with an accurate figure. It did not, however, and that is the nature of life. The money has been well spent on people who are entitled to it.

While accepting that the committee has no role to play in policy, that these payments were welcome, that there was strong lobbying for them and everyone in political life accepts that they should be made, a question arises about the process that accompanied the making of them and the fact that the Department was so widely off the mark, by a factor of about ten. It shows a deficiency in the systems that existed within the Department. This should rightly be a cause of questioning by the committee. In his statement, Mr. Hynes speaks of the Department accessing independent actuarial advice. Does the Department employ actuaries?

We do in so far as we carry out actuarial reviews of the funds. They are done in the Department by independent actuaries. The Department's pension system operates on a pay-as-you-go basis. To that extent, the need for actuarial expertise within the Department is less than it might be if we were operating a funded scheme.

In this case an actuarial rather than a statistical approach might have given the Department a different set of answers. This period, from the end of the Second World War to the 1950s, saw the highest rate of emigration. Some 50,000 people a year emigrated. They were mainly young people who would have had employment records in this country.

I appreciate there was a short period of time to gather information. The same difficulty occurred in the case of the medical cards for those over 70 years of age. There is a question about how policy is made and asked to be implemented in such a short period of time. The committee will address it. To not have an accounting mechanism that erred on the side of caution, however, is an indictment of the Department.

We generally try to err on the side of caution but, generally speaking, the value of actuarial expertise arises when one is projecting costs into the long-term future. We were trying to get information on people who had been in the system 50 years ago and I am not sure that an actuary would have been in a better position to get that information, bearing in mind that the quality of the material on which to base the estimate was very inadequate.

This needs to be re-examined in the future. Given that so many people emigrated from the country, I would have thought that actuarial advice could have told the Department the potential life-span of such people, their work record and the likelihood of them having worked in the country before they left. Admittedly, the Department should have had this information over a longer period, which would have allowed it to properly assess this. It could be the case that there was an assumption that although a large number of people were eligible, many would not apply for the scheme. Was that view held within the Department?

There are a number of pensioners who already receive pensions under the standard pensions scheme who are living abroad and have contributions post and prior to 1953. We made the assumption that there was not a large number of additional people in the pool. In retrospect, that was a false assumption. If we had more time, we might have come up with a different answer. However, the records available to us are deficient.

Did the Department seek the experience of other states who would have engaged in similar exercises? We would have been late in recognising pension entitlements of Irish citizens living in other states. Reciprocal agreements have only been in place over the last decade or so. However, pro rata existed with other states. My parents were emigrants in the 1950s and they have applied for pro rata pensions in other jurisdictions. To what extent did the Department of Social and Family Affairs look at the experiences of other states and learn from them?

We have a lot of contact with other countries with which we have reciprocal agreements. EU regulations are in place for people who move from one state to another and insurance records in different countries. This particular pension was based on contributions that people had in this country. I am not sure we would have got any worthwhile assistance from other states. It was a problem we had to address ourselves. We are going back a long period prior to 1953. The contributions that were paid in that period did not have a pension element in them. At the time they were paid, there was no expectation that they would be used for pensions at a later stage. That was the only information we had on which we could base our costings.

Can we have an explanation of the workings of the social insurance fund? My understanding of the fund is that it is purely an accounting mechanism. There are variables as to what goes in and comes out of it every year. It just happens by a matter of choice to be currently in surplus. What comes out in social insurance and what people pay is not always reflected every year. This actual overpayment comes from a resource at the Department.

The social insurance fund, or the PRSI fund, is a separate fund. Contributions are paid by employees, employers and the self-employed. Up to 1997, the Exchequer had to put in a contribution too because the income from contributions was not sufficient to pay out the benefits on a year-by-year basis. From 1997, the contribution income of the fund exceeded the amount that had to be paid out in benefits. From that time, the fund has been in surplus.

The Deputy is correct that the system is based on a pay-as-you-go system. The money that comes in this year is used to pay the benefits paid out this year. There is a current surplus in the fund which will build up. The question for future Governments will be whether to maintain or increase the contribution rates, bearing in mind that pensions expenditure will increase significantly in the future. Decisions will have to be made whether contributions are adjusted upwards or otherwise. That is a decision that the Government makes on a ongoing basis.

My next question is a curve ball and is not directly related to the report. In his statement, Mr. Hynes stated that he is wary of how the Department will approach issues such as this in the future. A similar clamour has existed for pre-1953 stamps regarding class D stamps. Has the Department engaged in a preliminary exercise of how much it might cost if a similar decision was made from the experience of pre-1953 stamps?

I assume the Deputy is referring to contributions paid by public servants and whether those contributions should be counted for the purposes of old age contributory pensions? We have not carried out any costings on that particular issue. I do not believe the difficulties would be on the same scale as this case. The likelihood is that the information that we have on public servants would be somewhat better than what we were relying on in this case.

I am surprised. However we look at this mistake in estimation, it would be interesting to know what the total cost is, going forward. If it is all rolled into the cost of old age pensions in general for future estimating purposes, we have no way of stripping out the figure and, in effect, Mr. Hynes has achieved closure on the issue now by treating the Estimates in this way.

It is possible to come up with a reasonable estimate. Once all the claims have been processed, insurance company morbidity rates can be applied to that section of the population which is getting these special pensions, taking into account that indexation will be a factor because they are half-rate pensions. It should be possible, if not right now, to come up with an accurate estimate. When the applications dry up or are down to an insignificant and immaterial amount, it should be possible to get a fairly accurate figure.

There is little time left to do the estimation work on this policy. The Comptroller and Auditor General said there is reference in a Government memorandum of February 2000 and this is from where the figure of €8.9 million comes. Mr. Hynes's spoke in his opening statement of having to do this work prior to the budget, which would put it back into November of the previous year. The memorandum sounds like the documentation accompanying a draft social welfare Bill rather than the budgetary calculation. Could Mr. Hynes go through the sequence?

The costings would have been done in the context of preparing proposals for the budget, which was in December for the year 2000 if I recall correctly. The costings would have been done a number of weeks prior to that. The memorandum in respect of the Social Welfare Bill would have gone forward subsequent to the budget. We looked for sanction in December 1999 for the purposes of the budget discussions and it was included in the memorandum on the Social Welfare Bill in January 2000. That is the timescale we are looking at.

A policy decision was taken at some point prior to budget for budgetary announcement. Then there was a short deadline, some time in late November, before which the preliminary costings had to be prepared. There was a significant amount of time before the Social Welfare Bill and the memorandum on it were published and several months before the Bill was enacted. I take it Mr. Hynes did not revisit the issue. He took his costings of November and ran with them without revisiting them when he was preparing the memorandum for the Social Welfare Bill.

I have one last question on the social insurance fund. I presume Mr. Hynes is aware of the pension fund to which the State contributes 1% or 1.5% of gross domestic product each year and which goes into a special fund. The National Treasury Management Agency manages it. When the function of managing that fund was given to the NTMA, the Minister for Finance announced he would make similar or parallel arrangements for the social insurance fund. Can any of the Department of Finance people say whether that happened? There was a policy announcement around that time to the effect that the social insurance fund would not only be held as a separate fund, unlike in the past when it was in deficit, but would also be a managed fund with someone, probably the NTMA again, entrusted to manage it. I recall the Minister for Finance making such an announcement on the introduction of the other legislation. Has anything happened?

No, not at the moment. The national pensions reserve fund operates on its own and is managed by the NTMA. Its purpose is to build up enough money to partially fund both public services and social welfare pensions as and from 2025. At present, the legislative underpinning of the social insurance fund remains unchanged. It is still under the aegisof the Minister for Social and FamilyAffairs.

Any surplus on an ongoing basis is transferred to the Minister for Finance who has responsibility for the social insurance investment account. It is used as part of Government funding on an ongoing basis. To the best of my knowledge, the social insurance fund did not get an interest return on it but does now. At one stage it was invested in things like ways and means. The central fund was not paying interest. The social welfare delegation has indicated that there is a return that comes back to the social insurance fund and forms part of the ongoing surplus. However, one does not have to wait until the end of the year for it to be transferred. There is an ongoing transfer of moneys on an almost daily basis, depending on how fluid the fund is at any one time.

The Department of Finance might be able to clarify precisely how it is dealt with. Normally, it would be dealt with as part of the moneys available to the Exchequer at any one time. In effect, it would be used as a substitute for borrowing. It certainly used to be. I would have to confirm this and it can be confirmed by the Department for the Deputy. It would be a source of borrowing for the Exchequer when it is in surplus to a large extent.

I suppose, despite our value for money mandate, a political element will always creep in. People may not intend it for these issues. We are unfortunate in this committee that we sometimes find ourselves criticising the cost of a policy decision even though I presume all members of the committee would support the policy. It is against this background that we ask questions.

I am surprised that there was not more positive information on this issue when the policy decision was made. I have made representations to at least five Ministers over the past 16 or 17 years to have this policy enacted. Invariably, a cost was quoted to me. When I argued this point, I said only a certain amount of people would be affected, perhaps 3,500 which was the broad figure. Some information must have been available because the policy had been rejected by Ministers of various political hues over the years. I presumed their rejection was based on costings. Was there an effort prior to 1999 or 2000 at assessing the figure? I assume that when Ministers turn down such proposals, they have done some homework on the subject rather than leaving it until it became a policy decision.

It is fair to say that it was only when the decision became imminent that a detailed costing of what we thought the cost would be was done. I know, as Deputy Dennehy said, the issue had been on the agenda in some shape or form for many years, but beyond broad estimates that the cost would be significant, no detailed costing, as far as I recollect, was done on this particular issue, but I would have to check to see whether that was the case or not.

I am working from memory, but when I was co-chair of a committee under the British Irish Inter-Parliamentary Body, we dealt with aspects of this and I recall some figure being given by the British Department of Health and Social Security for the number of Irish people who were derelict and being ignored. People were lobbying for action to be taken to assist them. This is the proof that we ignored our emigrants, especially those who went to the UK. I thought at the time that figures were being produced because I remember arguing on that point.

I would like a breakdown of the numbers of new cases. Would most of those have qualified for a non-contributory pension regardless, or were they already in receipt of non-contributory pensions? I appreciate that some of them were receiving pro rata pensions but would they all have been entitled to non-contributory pensions?

Those who were resident in the UK would not have been entitled to a non-contributory pension from the Department of Social and Family Affairs, so to that extent they were not on our books. A number of people were already getting a pension and got an improved pension on foot of these proposals. A number of people applied for pensions when this was announced and qualified for the standard rate of old age contributory pension but might not have been previously aware of the fact that they were entitled to a standard pension. There are a number of different categories of people captured by this provision.

I am concerned about the number. I presume we have a reciprocal agreement with the DHSS. If it pays our people and there are difficulties, we would pay the people and transfer the funds. Do the figures show that 50% of the 25,000 people who were entitled to benefits received none? Is it correct to make that inference?

I assume that a lot of the people in receipt of a pension from the UK or wherever they were living had this as an additional pension which they became entitled to when the scheme was introduced. Some were in receipt of pro rata pensions based on a combination of their insurance here and in the UK. They were all looked at. We knew, when we were costing the scheme, the numbers who were in the system. What we did not know was how many who were not already getting the pension from here, either a pro rata or full pension, had pre-1953 contributions and would qualify. That is where we did not have the figures.

I am inclined to agree with my colleague, Deputy Fleming, even though it may be interpreted in some quarters as flying the Government flag. I have made hundreds of representations on behalf of people who have been turned down because they did not have all the data. We are dealing with a great deal of misery. I am concerned that the financial fallout from this will take away from what has been done and might even restrict the Department of Social and Family Affairs and future holders of the ministerial portfolio.

I appreciate that the Comptroller and Auditor General's problem is the difference between the original estimate and what it turned out to be and that this is the role he must play. I would hate it if Mr. Hynes left the meeting with less enthusiasm for caring for the people under discussion because every one of them has suffered from policy decisions. I have been at the coalface for the past 17 years seeking to have this issue dealt with.

Does Mr. Hynes think this meeting will be much of a help in tidying up all the records? I know that births, marriages and so on are being tidied up, but are there are any other little pockets like this where there were difficulties in the past with the recording of people which this meeting could help identify?

Up to quite recently, it was possible for people to get different insurance numbers. One of the priorities of the Department of Social and Family Affairs is to ensure that people have only one number and we have put measures in place to ensure that, when we issue numbers, a person has only one number. When people needed to get a social welfare number quickly, the practice in the past was to give them a new number if their old number was not available immediately. We have many cases of people with multiple numbers and we are trying to manage that. In fact, in some of the cases we are discussing, people would have had more than one record and it was a question of finding them and linking them together.

Arising from our discussion, what jumps out are the problems that have arisen from the decisions to extend the medical card scheme to those over 70 years and to provide pensions to those with pre-1953 social welfare contributions, an issue on which I fought for 17 years. I would hate to think what has happened would colour the policy decisions of a Minister. The mandate of the Committee of Public Accounts is to check that money is spent correctly and to look for value for money, and Mr. Hynes's chief role is to advise the Minister on potential costs. I would hate to see anybody backing away from the few items I have left in the shopping basket, so to speak.

On a point of clarification, like the committee I am rightly precluded from implicitly criticising policy, and there is no attempt to do so in this case. The issue comes through me to the committee as part of the public accountability process, because public financial procedures require an Accounting Officer to ensure that all relevant financial considerations are taken fully into account and, where necessary, brought to the attention of Ministers in the preparation and implementation of policy proposals relating to expenditure or income for which he or she is Accounting Officer. I know that Accounting Officers take that seriously, but when it is out by a multiplier of ten, I think it merits public accountability as an issue in its own right without in any sense questioning the policy issue.

I wish to clarify my position. I know the Comptroller and Auditor General does not have a political bone in his body but it might be a temptation to my committee colleagues to paint as difficult a political picture as possible when questioning policy decisions. That is probably part of the role. My only concern is that Ministers who hope to do good work might be influenced to back off by the criticisms of members of the committee or which may be inferred by the committee's deliberations. I know we do our job capably under the guidance of the Chairman.

Chapter 12.2 of the report of the Comptroller and Auditor General reads:

12.2 Telecommunications System Fraud

The Department of Social and Family Affairs voice phone network consists of 20 Private Automatic Branch Exchange (PABX) telephone systems located throughout the country and connected to the Eircom network. An external contractor maintains the Departments network of PABXs.

On Tuesday 6 August 2002 the Departments account manager at Eircom notified the Department that her risk management section had noticed an atypical telephone pattern of international calls from one of the Departments Dublin PABXs. The Department immediately instructed Eircom to bar international calls from that exchange. Inquiries found that the total value of international calls from the exchange over the previous weekend (August Bank Holiday) amounted to €12,000 approximately.

The Department requested its equipment supplier to help in investigating the matter. The investigation found that:

One particular number on the PABX was an old feature originally used when technical personnel accessed the system for remote maintenance

Remote maintenance had not been used for several years and the feature was obsolete

The Department was not aware that the feature was still enabled

The line in question had no handset attached

Incoming calls to this particular number gave a dial tone rather than ringing

Persons calling the number were in effect connecting to the public service telephone network by virtue of a PABX feature known as Direct Inward System Access

Hackers were using the line to call international locations throughout the world mostly Africa and the Far East.

As part of the investigation a physical extension was attached to the number at the PABX. This allowed the number to be dialled but not to break out and make calls and also facilitated the capture of details of some incoming calls and their caller line identification number. These numbers, where captured, showed that the incoming calls were from Holland, Belgium and Italy. The access feature was then disabled.

The method used to hack the system was to target identifiable Direct Dial Inwards number ranges. Using specifically designed software, numbers in these ranges are dialled consecutively and if a dial tone, rather than a ring tone, is found the system has been compromised. That number is then used to dial out of the system at no charge to the caller.

The matter was reported to the Garda Bureau of Fraud Investigation and the equipment supplier was requested to carry out a full toll fraud audit on the Departments telephone system.

The Department's phone bill for mid-July to mid -August 2002 was €303,546 exclusive of VAT. This compares with the average monthly bill of €125,000. The previous bill was found to be slightly above average when normally it would be substantially less due to holidays.

The Department completed a detailed examination of the electronic version of the telephone bills received from Eircom for the two periods and extracted the total of international calls made from the exchange. Foreign calls totalled €85,297 in the July bill and €208,839 in the August bill giving a total estimated loss to the Department of €294,136.

Having regard to the magnitude of the loss and the failure of the Departments monitoring system to detect the illegal usage, I sought the views of the Accounting Officer.

Accounting Officer's Response

Scale of Telephone Network

The Department has an extensive telephone and data computer network, to support its 4,500 staff in carrying out critical business requirements, linking all 220 Department offices and 25 offices of other Government and social services agencies.

The Department makes every effort to maintain the integrity of the network in accordance with best known practices. There are over 11,000 devices attached to its network. While it is not possible within the constraints of its resources, to carry out detailed examinations of all aspects of the network on a regular basis, the Department is satisfied that its network is managed in accordance with current industry standards.

Failure to detect illegal usage

The increase in the July bill was not noticed because, although there were fluctuations due to changeover from Public Service Telephone Network to Virtual Private Network billing on the one hand and factors such as increase uptake of LoCall services on the other, the overall total was not noticeably higher than the norm.

The telephone bill for August 2002 was received on 4 September 2002, one month after the breach had been detected and addressed. It was only then that the extent of the intrusion became apparent. On 17 September 2002 a copy of all international calls during the period of the breach was received and at that time the final figure was revealed.

The weakness revealed in the particular PABX was a little known feature that was enabled sometime in the early - to mid-nineties. The Department was not aware that this vulnerability existed and consequently could not have foreseen that it would be exploited.

Liability for Illegal Usage

The amount due to Eircom for the period in question was paid. An automatic discount in respect of high volume was received from Eircom, as was a rebate in respect of two days of calls inadvertently charged to the Department following the request to Eircom to suspend international dialling facilities from the office in question, and incurred while that technical work was being carried out.

The Department does not consider that compensation is due from its suppliers as it is not in a position to allocate responsibility to them for the breach.

Corrective Action Taken

Once informed of the problem the Department reacted swiftly to the intrusion and sealed off and made safe the danger area. The other telephone systems in the Department were checked and the feature was found enabled on three others. They were immediately disabled. Work on upgrading telephone systems in all 220 locations to the latest security standards is almost complete.

A software package is now used on all PABXs to monitor outbound call traffic. This service is outsourced and web access is available to local managers to review call traffic appropriate to their functional areas. A similar facility is being implemented for the 200 smaller telephone systems. The issue of assigning responsibilities in some of the larger HQ buildings, which do not have a single business owner, is being addressed.

The reviews are conducted at local level. This will be extended to include all business function areas as quickly as is practicable. Managers will be reminded on a regular basis to ensure that all significant increases or decreases in the level of phone calls are thoroughly investigated and followed up.

Follow-up

The Department notified the Garda Bureau of Fraud Investigation promptly. The Bureau indicated that, at that time, they had a number of similar cases on hands, averaging €45,000 and some as high as €90,000 for one weekend. The Gardaí subsequently arranged to have the matter raised on RTE's Crimeline programme to heighten public awareness of the threat.

Full details, logs and statements were given to the Bureau. Typically, fraud of this nature is orchestrated from outside the jurisdiction and a successful prosecution is extremely difficult to achieve. Subsequent contact suggests that it is unlikely that any further progress will be made in this regard.

The Department of Finance's Centre for Management and Organisation Development (CMOD) was notified and asked to inform other departments of the threat. CMOD sent an advisory letter to all members of the Information and Communications Technologies Managers Forum, which consists of senior IT representatives from all departments.

Chapter 12.2 gives details of a fraud perpetrated on the Department of Social and Family Affairs through the illegal use of its telephone system. The first sign that something was wrong came on 6 August 2002 when the account manager in Eircom notified the Department of an unusually high incidence of international calls emanating from one of its PBXs. The ensuing investigation by the Department's equipment supplier established that an obsolete feature on the telephone system used at one stage for remote technical maintenance was being exploited to facilitate the making of international calls from locations outside the jurisdiction.

Once the modus operandi was uncovered, the access feature was disabled. The other PBXs used by the Department were also checked and the same access feature was found enabled on three more of the systems. Fortunately, they had not been compromised. The feature was immediately disabled on those systems.

The full scale of the fraud became apparent when the Department received its telephone bill for August 2002. That bill, together with the one for July, revealed that international calls from the PBX in question for those months exceeded the normal level to the tune of €294,000. The Department paid the bill in the normal way without seeking a special rebate from Eircom except for the two days when work on suspending the international dialling facilities was being carried out.

The matter was reported promptly to the Garda but I understand there is little hope of success on that front. According to the Garda, it had a number of similar cases in hand at the time, although not for such a large amount.

I am also aware that there had been a telephone system fraud involving international calls in the Office of the Revenue Commissioners shortly before the occurrence in the Department. The fraudulent calls in Revenue amounted to €75,000 but, after negotiations with Eircom, the final cost to Revenue was reduced to €38,000 approximately. Members will see in the report that the Accounting Officer informed me that the Department has since upgraded its telephone security and also improved its monitoring of outbound call traffic.

As outlined in the Comptroller and Auditor General's report on this incident, the facility which allowed this fraud to take place, known as direct system inward access, had been in place in four of the Department's PBX telephone systems for a long period. The PBXs were installed around the mid-1980s when the Department began to use its data network to carry voice traffic to reduce costs. Typically the facility would have been used for remote diagnosis and fixing of faults on the system and may have been there since the systems were installed to facilitate testing and installation. The problem appears to have been that the facility was not disabled as it should have been after it was used. The Department, however, has no record or recollection of the facility being used.

The Department reacted quickly when the problem was identified and has since invested heavily in hardware and software upgrades to bring all telephone systems to the latest security versions, and our policy is to keep them at the latest version.

The wider issues of data and information security generally are key issues for the Department, particularly in the context of greater openness to and co-operation with other agencies in the delivery of services. We are conscious of the need for adequate security in all our systems and, following a review of this matter, a unit has been established in the Department to examine our existing systems and to put any necessary new procedures in place across the Department.

The Comptroller and Auditor General's report has identified weaknesses in the systems. We put a great deal of effort into ensuring that our systems work well and that resources are deployed efficiently and effectively to prevent error and waste. When things go wrong, as they did in this instance and in earlier instances, we tried to learn the appropriate lessons and apply them for the future.

It seems extraordinary that calls costing €294,000 were made from a private automatic branch exchange over eight weeks. It is astonishing that the supplier's technical personnel could access the system remotely for maintenance purposes. With the massive advances in technology, it is astonishing that the possibility of people hacking into the system has not been eliminated. This system feature was installed in the early to mid-1990s. Prior to that time what would you have classified as a ceiling in the system - a level of cost at which the alarm bells would have started to ring? This matter was brought to your attention. The calls were made throughout Africa, the Far East and it was discovered on investigation that the incoming calls in this case were from Holland, Belgium and Italy. With regard to the installation of the system, was there a maintenance contract with the supplier for the overall management of this exchange system?

We did have a maintenance contract, but the purpose of this facility was to enable faults to be diagnosed and work to be done from a remote location. In other words, if there was a problem with the system, experts would be able to dial in and fix the fault without having to be on site. In this case the problem that occurred was that this facility which should have been shut down after it was used or accessed was not shut down. There are people who try to access or carry out this type of fraud on an ongoing basis and they happened to find this number when trawling for numbers to use and were able to use it over this period to make a great number of calls.

On 6 August 2002, Eircom notified the Department that it had noticed a pattern of international calls from one of the Department's private automatic branch exchanges and the total value of calls over the bank holiday weekend was €12,000. It is extraordinary you did not know the level of your telephone bills. In this case the cost of calls made in July and August was €294,000. Could this activity have been ongoing at a much lower level and not have been noticed? What cost level would have alarmed you that fraud was taking place? This matter was brought to your attention by Eircom not by the Department.

That is correct. It was noticed by the customer service manager in Eircom over the bank holiday weekend and reported to the Department. The Eircom manager would not have expected a large volume of calls to be made over that weekend. We do not believe that this has happened previously, certainly not on this scale. We do not think the facility that was accessed in this case was accessed previously for this purpose.

There are constraints on resources within the Department, but we have a maintenance contract on our telephone systems. We have arrangements in place now that our software systems will be kept up to the latest security standards by the people who maintain them for us. We are satisfied that we are up to the minute as far as security is concerned. There is always a possibility that these things could happen and no organisation is immune to being hacked into in this way. I am happy we now have the most up-to-date systems and we are happy with that position.

In view of the potential cost to the State of such incidents going forward, I would like to know from CMOD that the Secretaries General of all Departments have confirmed that appropriate risk management and prevention mechanisms are in place in each Department. Given that such a facility was available in your Department - Mr. Purcell said that such a facility was abused in Revenue - can we be assured that such a facility, which has been in place since the mid-1990s, does not operate in each Department? That might not be a direct question for you but can we get a reply from CMOD on that issue?

As the Chairman is aware, responsibility for IT and communications systems rests with the individual Department and our role is an advisory one. As he said, a letter has gone out and it is a reminder of things that have been said previously about security and good practice in this area. In the course of our meetings with Departments on reviewing their IT and communications expenditures, we have adopted a practice of asking them not so much about particular cases because that is a case of closing the stable door after the horse has gone but, in general, about their risk management, their awareness of risk and what they are doing about it. That has been our practice. I believe the Chairman has a copy of this letter.

I have a copy here if the Chairman needs it. It is a reminder of good practice in respect of possible fraud on phone systems. People are probably more aware of the possibility of the hacking of computer systems because that is in the news practically every day and viruses are always on the go. There is a well known set of things one has to do to ensure the security of computer systems, possibly with phone systems people may not have had quite the same awareness, but with the coming of electronic phones, exchanges, digitalisation and so on, the technologies of computers and phones converged to some degree. These exchanges are programmable and that is where some of the problems arise. In other words, the hacking is something similar to computer hacking.

I know it is a bigger picture, but we are talking about business management and cutting on costs. Over a 60-day period someone could hack into the system, spend €5,000 a day using a system and that was not identified. If a private business got such a bill on its telephone system, the person concerned would be identified very quickly. With the variances of systems throughout the public service, can we be assured, as we speak, that this system is not being abused in any other Department?

Specific advice on this particular vulnerability was sent out. The problem is that there are ingenious fraudsters who continually come up with something new. There is the risk of closing the stable door after the horse has bolted. In computer applications there are commercial providers whose business is security and who almost on a daily basis issue updates to their products to cope with whatever is the latest virus or problem. That area is fairly well taken care of. We certainly are talking to Departments about what they are doing about risk management, and we are putting an emphasis on that.

I would be very disappointed if the Department did not have a tight contractual agreement with the equipment supplier which would clearly specify exactly what the Department wanted, the loopholes in the system and identify the weaknesses in it. In my tenure as Chairman, we have seen so many anomalies in the IT sector where there have been totally inappropriate systems not doing the specified job. Given that someone can get an access code and use the system to that magnitude in one Department, I would not be assured that this is not going on in other Departments in systems which would not be comparable. There could be different suppliers and different systems. I emphasise that I ask the Department of Finance to put out a clear direction to the Departments on computer and telephone systems. I hope that the committee could be reassured that the equipment suppliers have done a check on the systems to ensure this is not going on elsewhere.

I cannot say whether every Department has done that check or not. They have certainly been strongly advised to make sure that that is all right by our advice note. The responsibility is with the individual management but they have certainly been advised in clear terms.

It is a question not just of equipment but of a number of other issues. These are mentioned in the letter, that is, issues of monitoring for which one can get appropriate software and of internal staff discipline like not doing things that leave gaps and vulnerabilities. Sometimes simple issues like not having appropriate passwords, for example, can leave something open to being exploited, in other words, one needs a multifaceted approach. It is not just a question of checking out the equipment. There are several layers of things one needs to do.

On the Chairman's point to the Department of Finance, internationally there are people hacking into institutions on Wall Street nowadays. How far can we go? The Comptroller and Auditor General will always tell us that we must balance what we will spend as against the potential benefits.

One difficulty has been outlined, that we may not have control of a building. If there is a station in a building, for instance, there may be other lines linked to it. However, I would wish that the Department looked at the bigger picture. The Chairman is quite right in saying that we found that those in the computer area are like headless chickens to some extent in that everybody is working on their own. Is that changing? Can CMOD guide all of the Departments on this issue or is there somebody who can outline the correct way to do it rather than leaving it to the Secretary General or the appropriate person down the line? Can CMOD issue a directive rather than advice?

It is in the form of advice rather than of a directive because the responsibility is with the management. In terms of a trade-off, generally the security precautions are not all that expensive, as I understand it. The cost of having to undo the damage, if somebody hacks in, can be very high. Therefore, the trade-off is generally favourable to putting in the firewalls, etc.

As I say, we advise rather than direct. That is the way the system works. We are not in a position of issuing directives to people. We issue advice rather than directives. Given the variability of equipment and of the set-ups of Department, I suspect that advice rather than direction is probably the way to go. I do know that anyone could create a set of directives that would be applicable or even that any central person could really know enough about the individual systems in Departments to know better than the people who are working on them.

We would have said the same about IT systems generally. I hate to say it is a shambles because that is a scatter-gun approach and everybody is brought down by it, but in the past we have found desperate situations. Whereas CMOD is directing and organising, is there an overall IT unit? If not, there should be. Is there, in the Department of Finance or elsewhere, an overall IT unit which is advising or should we have a centralised IT unit because this changes by the day, if not by the hour? Every other day there will be a warning about hackers or spam. We need a central unit, which, the Department pointed out, would be better geared for this than isolated units within each Department. Is there anybody directing the overall IT area and if not, does Mr. Thompson think there should be?

At one stage, there was a much more centralised structure and it was decided a number of years ago to delegate IT spending to Departments and offices and to move away from centralisation, and that policy is still being followed. There is a technical policy unit in CMOD which advises on the broad shape of policy on specific technologies, etc., but the unit in CMOD is quite a bit smaller than the units of some of the big Departments. The IT staff in such Departments would be far more numerous than ours although obviously they have a different job to do. That policy of decentralisation has been followed for a good number of years.

What I suggest would be better than having the Comptroller and Auditor General return year after year with reports on various Departments. There are so many million transactions and only a couple are picked out, but it seems to be repeated ad nauseum that there are difficulties with IT generally in every Department. There have been overruns in at least four Departments.

Chairman, I suggest that the committee look at this question. I know it would be a policy decision eventually, but we have a mandate to advise that because of these occurrences there is a need for co-ordination. I would see this taking in everything - computers, telephone systems and all the other systems that are changing so rapidly.

It is almost an impossible mission to cut these hackers out. They are the best in the business and work internationally. Therefore, one would need a very good team and I do not believe that the Department of Social and Family Affairs is capable of having a team which can match these people. The Department of Health and Children does not have such a team either, but nationally there should be such a team based within the Department of Finance or elsewhere. I would like to see the committee teasing out that question. Chairman, you might put that on the agenda.

The only question I want to pursue on this issue is the maintenance contract between the Department and the company concerned. When the system was purchased I am sure a maintenance contract was taken out. Returning to the officials within the Department who would have dealt with the supplying company, an obvious question they would ask the provider of a maintenance contact would be to outline the response time if there is a problem in the system. Most of these companies can fix one range of faults within four hours, the next range of faults within eight hours and so many others within 24 hours because obviously the system cannot be down. In a maintenance contract, dealing with a problem within a four hour period implies doing so on the spot and that the company has remote access to the telephone system by telephone line. With traffic it could not be expected to get to the Departments on time. I would have assumed that the Department officials who dealt with the contracts knew and discussed remote access and the timescale for repairs that could be activated quickly and diagnosed over the telephone system.

Where did the information get lost such that the Department did not seem to know the information was live on its system? That information was in the Department the day this agreement became effective and the system could not have been purchased without knowing about this. How did the systems or personnel there allow this to get lost, which ultimately meant that people did not know of this gap in the system?

It is fair to say that when the systems were introduced originally, we would have had people within the Department who were expert, if one likes, in telephone systems. Many of these moved on to other places so that the level of expertise within the information technology area in this regard would have changed. People moved on. We did not have a record of this feature being on the PBX systems.

At the time we had maintenance contracts, but they were purely maintenance. It was with a view to ensuring that, if there was a problem with the system and the business was affected, we would get the systems and the business going quickly again. We did not require the maintenance contractors to monitor calls or whatever. That was not something we thought was a problem or likely to be a problem at the time. A record was not available that this facility existed or that it had ever been used. If it had been, obviously we would have made sure that it was not usable at the time this incident happened.

We have a maintenance contractor. We have 20 PBX systems, as we call them, in the Department. We also have a lot of smaller telephone systems in various local offices and so on around the Department. We have a maintenance contractor for each, for the PBX systems and for the other smaller systems. When the incident happened, we got the contractors to upgrade to the latest versions of the software and so on to make sure that we were not vulnerable in this way, and they will be kept up to date in the future. That is part of the deal we have with the contractors.

Mr. Hynes has not answered my basic question. I accept the Department did everything it could when the problem came to light. However, when the PBX system was first purchased, there had to have been a contract from day one covering maintenance of the system. Boards and different fuse boxes will cease to function and there has to be maintenance from day one.

It would not have been possible to purchase something without knowing what was being purchased. Someone who buys a car knows that it has a fifth gear. I am starting from the basis that the officials in the Department responsible for purchasing this equipment knew about its features. I accept what Mr. Hynes said about staff moving on and that there had been internal maintenance that no longer exists.

I want to home in on this matter because it will happen again in some other Department. Staff who have a knowledge in the IT system will move on and in five years the people left will not be aware of the existence of certain features. Obviously, nobody read the manuals from whatever maintenance department existed or perhaps there were no adequate manuals. From day one the people who dealt with this in the Department must have known about the feature. This information got lost in the Department, perhaps due to the passage of time or change of staff.

There is nothing wrong with having such a feature. If there is a problem with a computer in the Houses of the Oireachtas, the IT unit can often address it over an ISDN telephone line. It is a normal feature to carry out repairs, maintenance and diagnostics over the telephone line. Given that this information got lost in the Department in this area of activity, will the same happen in other areas in future when staff change?

I am not sure whether we ever documented the fact that this particular feature on the PBX existed. As I said, it was a feature for the purposes of an outside engineer accessing the system to fix a fault. In practice, because of the size of the systems we have, we had an engineer on site all the time in any event, so we never had any need to use this particular feature. If the feature was ever used, it should have been disabled once it was finished being used. That is the protocol, if one likes, with these systems. Obviously that did not happen and we have no record of the feature ever having been used. I take the Deputy's point. It is important that all these matters are fully documented. Whether this was ever documented, I am not in a position to say.

I believe that there are people in this hacking business who look for numbers that they can access to use in this way. My assumption is that, by chance when they rang our system, they came across this number which was usable. The calls were made from Holland, I understand, and through the system to Africa, Asia and other parts. I have no indication that there was collusion. I am not sure how such collusion could have occurred anyway because it was not a feature that we were aware of in the system. That is how it happened. I think it was a random search for numbers.

We reported the matter, obviously, to the Garda. I think it is difficult to trace these people or to bring a prosecution in any of these cases because it is an international business. It was an international fraud that happened in this case.

I refer to the CMOD letter which was sent to all Departments. It makes fairly simple and eminently sensible recommendations. It is possible to prevent this from happening by call barring certain international destinations. In the normal course of their work, very few civil servants would have to make telephone calls to China, Pakistan, India, west Africa or such places. Accordingly, as a standard procedure on all PBXs, except perhaps in the Department of Foreign Affairs, they should be call barred, and there is a simple way of doing it. One must have a sense of proportion in this regard as a telephone is a very necessary modern instrument of communication. No elaborate systems are required.

On the detection aspect, it is sensible to have monitoring equipment in place, which is not very costly, so that weekly usage can be checked regularly. If there is any degree of atypical usage at a particular extension, one should begin to investigate.

I produced a value for money report some years ago in the mid-1990s on telephone costs. That report would have contained some of those recommendations, if memory serves me correctly. Again, there are no hugely elaborate systems required in this regard and we have to view the amount of money involved in a proper context. However, this illustrates the need for control over telephone costs, including land lines and mobiles.

I thank Mr. Purcell. Is it agreed that we will dispose of Chapter 12.2? Agreed. I propose that we defer consideration of the Vote today. Is that agreed? Agreed. I thank Mr. Hynes, Mr. Quigley and all the Department officials for their attendance. I compliment Mr. Purcell and his team on a very good report.

Yes, we have held off on the Vote. We can take the social insurance fund with the Vote at the next meeting. Is that agreed? Agreed. The agenda for next meeting will include the chapter 8.2 of the report of the Comptroller and Auditor General on the appropriation accounts of Department of Communications, Marine and Natural Resources, Vote 30 - international communications connectivity.