https://identityassurance.blog.gov.uk/2014/02/13/organisation-and-authority-management-discovery/

Organisation and Authority Management Discovery

IndividualsBigStickySort

Back in November, we blogged about authority management  - an extension of the identity assurance programme which will allow people to act digitally on behalf of other people or organisations.

We’ve just completed a nine-week discovery exercise. Our aims were to understand:

  • user needs

  • government needs

  • the main user journeys

We plan to use our findings to help us design alpha projects.

The team

We set up a discovery team that included technical architecture, business analysis and user research. We also included representatives from HMRC and DWP - two of the departments that have large scale services that will need to provide ways for people to act on behalf of organisations and other people.

What we’ve been doing

We held 30 workshops with 15 different government departments and agencies. We also ran an intensive research programme involving 78 participants; covering individuals, people from organisations (small, medium and large employers) accounting firms and tax agents.

What we’ve found

We’ve learned a lot - and quickly. The following insights were common to all audience types:

  • we found many people, at home and at work, will take a relaxed attitude to letting others know their usernames and passwords if they think they can trust the other person

  • people tend to delegate and share tasks with those that they trust

  • people tend to have mixed views about how far services should go in formally recognising when someone has delegated a task to someone else - it depends on the context, the task and the perceived benefits

  • people delegate tasks for reasons such as expertise and advice

  • when delegating tasks, people are concerned about their liability

  • when acting on behalf of someone else, people need it to be made really clear whether questions are directed at them or the person they’re acting on behalf of

Organisations

Our user research found differences between scenarios in organisations, particularly in relation to the size of the firm. Delegation in large organisations is complex and fragmented. Responsibilities for interacting with different government services may be split across different teams and may be divided up amongst individuals within teams.

Employees don’t tend to like the idea of using their personal identity when completing a task on behalf of their organisation. This idea appealed only to those who owned the company and for whom there were benefits in being able to access personal and work information using one set of login credentials.

Agents

Agents (e.g: accounting firms) are heavy users of government services. They often have many clients and can access client records up to 40 times a day. They need a system that is easy to use and offers reliability and security.

Some agents access some government services using third-party software. Software is used because it is quick and reliable and because it manages workflow and delegations. This controls access and employees only see client information that is relevant to them.

Individuals

In most cases individual users aren’t formally delegating rights and responsibilities to another person. Typically, an individual would sit alongside offering support to a friend or family member making a benefit or tax submission, rather than take on the task in its entirety.

However, people will consider formally delegating a transaction to someone else if there is a relationship of close trust between helper and delegator, and if both parties are clear that the delegator would not be able to complete the transaction on their own.

What’s next

We’ve shared our findings with the government departments that we worked with during discovery. The next step is to agree the shape and scope of alpha. We’ll keep using this blog to let you know what we’re doing as we work through the process.