All-of-Government assurance framework for digital investmentsÂ
Governments will use different assurance methodologies at the All-of-Government level to provide confidence across the overall government digital portfolio. There are, however, some core components that should be included. The following is an adaption of a model All-of-Government assurance Framework that could be used as a base to guide a government developing a new or refreshed assurance framework.
​
An All-of-Government Assurance Framework’s purpose is to maximise the likelihood of the successful delivery of digital investments within government agencies.
​
The All-of-Government framework should aim to:
​
-
Enable the government to confidently invest in digital capabilities that support its All-of-Government digital strategy and achieve its desired outcomes;
-
Support well planned and fit for purpose assurance for the digital investments within scope of the Framework;
-
Enable decision makers including Senior Responsible Owners (SRO) and governance Boards to make quality decisions based upon good information;
-
Maximise the value of assurance processes in supporting service delivery, including through agreed time bound recommendations;
-
Provide escalation processes that help agencies take action early to recover investments at high risk of not delivering expected benefits;
-
Support a good flow of data and information on the condition of major investments for the Public Finance and other oversight functions to support reporting and analysis for Ministers responsible for the investment portfolio;
-
Not alter accountabilities for delivery which rests with the line agencies undertaking delivery.
​
It is assumed that any government utilising this or similar assurance frameworks already have appropriate All-of-Government oversight functions in place. These may exist within the central government finance function or a distinct government digital entity with responsibility for oversight of the governments digital strategy.
​
​
Why is an All-of-Government assurance important?
​
Assurance supports the successful implementation of digital investments. If done well, assurance can support government agencies to:
-
align their digital investments with an All-of-Government digital strategy;
-
mobilise the assurance arrangements identified during the investment lifecycle and as outlined in the assurance plan for the investment;
-
achieve planned, targeted and fit-for-purpose assurance, with appropriate use of assurance information to improve the quality of decisions by Senior Responsible Officials (SROs) and governance boards;
-
maximise the value of assurance in supporting successful delivery, including through ensuring agreed recommendations;
-
apply clear escalation protocols which support decisive early action to recover investments at higher risk of not delivering expected benefits
-
provide reporting on the condition of major investments for central agencies, supporting analysis for Ministers, senior officials and other decision makers.
​
There are four key steps required as part of the All-of-Government assurance framework for digital investments:
​
Step 1 – Confirm the investments priority level
​
Under the Assurance Framework, proposed investments should be assigned a priority level in order to categorise how strategically important, valuable and risky the investment is. The priority level of an investment is determined by an assessment against a number of factors, including the strategic significance of the investment to government, the agencies delivery track record, the availability of required skills and resources, and the maturity of the agency oversight arrangements.
​
Step 2 – Plan for assurance
​
Agencies should already be planning how they will undertake assurance over their investments. As part of this planning, agencies should be aware of the minimum assurance requirements applicable to the Priority level of the investment. Investments at the highest Priority level will be required to plan assurance at the highest level. The assurance plan agreed should be submitted to the oversight function for consideration by Ministers and/or senior officials and approval as part of the process.
​
Step 3 – Use assurance effectively during delivery
​
The assurance process is not static and agencies need to continue assurance activities through the implementation phases. This means agencies should adhere to the approved assurance plan and meet ongoing reporting and engagement requirements.
​
Step 4 – Follow the escalation protocols (if required)
Digital investments frequently face challenges during the delivery phases and should receive additional oversight and support. Escalation protocols should be appropriate for the nature of the challenge and designed to be fundamentally enabling. This could include assistance from the oversight function in the development of remediation plans and undertaking independent reviews.
​
Investment categories for assurance
Digital investment needs to be assigned within one of the priority levels determined by the government digital investment oversight function. This will help to prioritise assurance activity on the most important investments. Conversely, it also helps reduce the burden of assurance required over lower risk investments.
​
The priority level of an investment will need to be determined by the oversight function in consultation with the primary responsible agency for designated digital investments. The priority level should be determined during the planning stage of the investment lifecycle and before proposals are brought forward for an investment decision by Ministers.
The priority level used should be agreed through a combination of a weighted score and the estimated total cost to implement the proposal. The weighted score could be calculated through an assessment conducted by the oversight function using defined factors to determine implementation risk, complexity, strategic importance, and the consequences of delivery failure. This assessment should be undertaken in consultation with the primary agency involved.
The priority level assigned to the investment will determine the level of assurance activity required and escalation planning should significant risks emerge.
​
​
Assurance for Priority 1 and 2 investments
​
Assurance arrangements should follow good practice for assurance and meet the minimum requirements:
assurance activities clearly outlined and with regard to key risks, milestones and decision points;
-
assurance integrated into governance mechanisms;
-
accountabilities clearly identified that are fit for purpose and able to be maintained for the investment. This will require regular review of the assurance plan. For Priority one investments, the plan should generally be reviewed at least every 6 months and Priority two at least once a year;
-
arrangements are put in place to meet the assurance oversight requirements during delivery (including, for Priority one investments, including the oversight function as an observer on primary governance body);
-
a proportionate budget for the assurance activity;
-
plans for routine assessment of delivery confidence to be undertaken by independent expertise against the requirements set by the oversight function. For Priority one investments, this means undertaking delivery confidence assessments quarterly. For Priority two, this usually means having delivery confidence assessments every 6 months.
​
​
Assurance for Priority 3 investments
​
Assurance arrangements should follow good practice for assurance and meet the minimum requirements:
-
demonstrate arrangements which align with good practice assurance requirements;
-
have arrangements which are commensurate to the risk and complexity of the proposed investment and support decision-making.
​
Principles for good assurance
​
Digital investment regardless of the priority level should already be applying the basic principles when planning and delivering assurance. These principles will provide confidence that government digital investments will achieve their objectives.
​
​
Leadership sponsorship of assurance
​
It is critical that the leadership within agencies actively engage with assurance activities and encourage a culture of transparency and ongoing improvement. Leadership should see assurance as a means to receive constructive advice that will increase the likelihood of success for their digital investments. It means there should be:
-
clear accountability for achieving and maintaining fit for purpose assurance activity that is promoted as essential for successful investment delivery;
-
transparency displayed by responsible senior officials and the promotion of a culture that welcomes constructive challenge;
-
implementation of agreed recommendations and subsequent monitoring so that escalation occurs when agreed timeframes are not kept;
-
senior responsible officials and governance committee/s engaging with assurance outcomes and processes to ensure they remain fit for purpose during implementation.
​
Intentional planning for assurance
​
Ensuing there is sound preparation and maintenance of appropriate assurance plans. This means there should be:
-
sound formal planning for assurance, with active monitoring to support iteration of the plan during delivery and when the risk context changes;
-
adequate budget and resources for assurance activities are reflected in plans and the Business Case;
-
coordination of all sources of assurance to avoid duplication to ensure the focus of assurance is on the most important areas;
-
assurance activity based upon the lessons learned from previous, similar investments;
-
clear roles and responsibilities for assurance with governance mechanisms and confirmation of specific roles (such as the Senior Responsible Official).
​
​
Enable good decision making
​
Assurance should be an enabler that uses good information to support sound timely decisions. This means there should be:
-
clear and agreed investment outcomes and expected benefits and assessments of delivery confidence;
-
decisions points around key milestones;
-
clear assurance information that supports informed decision-making using consistent definitions and standards;
-
sound and well-run governance mechanisms so that oversight functions that have the right level of access to transparent assurance activity and can easily determine where to focus escalations.
​
Sharp focus on risk and outcomes
​
Assurance activities should have a sharp focus on assessing the key risks to delivery, and the outcomes being sought. This means there should be:
-
fit for purpose assurance activities that are mapped to key risks inhibiting the realisation of investment goals;
-
forward looking, proactive mindset to assurance centred around supporting the investment maintain delivery confidence.
-
good support to governance committees and the Senior Responsible officials to help them identity high priority risks and prioritise their efforts accordingly.
​
​
Expert-led and independent
​
Assurance activities needs to be supported by independent expert reviewers. Ideally, the reviewers should have experience with digital investments of a similar scale and complexity. This means that there should be:
-
adequate understanding of assurance activities required so that the expertise of the reviewers matches and that they have the necessary skills and experience;
-
transparency around any possible conflicts of interest so that they can be managed, and the governance mechanisms and Senior Responsible Official are provided with objective and independent advice;
-
access the right people and resources required and the evidence base for their assessments can be validated;
-
reporting standards where required by the oversight function.
This guidance can be used in conjunction with other GJC recommendations around government digital investment.