All-of-Government assurance framework for digital investments 

The priority level assigned to the investment will determine the level of assurance activity required and escalation planning should significant risks emerge. 

​

​

Assurance for Priority 1 and 2 investments 

​

Assurance arrangements should follow good practice for assurance and meet the minimum requirements: 

assurance activities clearly outlined and with regard to key risks, milestones and decision points; 

• assurance integrated into governance mechanisms; 

• accountabilities clearly identified that are fit for purpose and able to be maintained for the investment. This will require regular review of the assurance plan. For Priority one investments, the plan should generally be reviewed at least every 6 months and Priority two at least once a year; 

• arrangements are put in place to meet the assurance oversight requirements during delivery (including, for Priority one investments, including the oversight function as an observer on primary governance body); 

• a proportionate budget for the assurance activity; 

• plans for routine assessment of delivery confidence to be undertaken by independent expertise against the requirements set by the oversight function. For Priority one investments, this means undertaking delivery confidence assessments quarterly. For Priority two, this usually means having delivery confidence assessments every 6 months. 

​

​

Assurance for Priority 3 investments 

​

Assurance arrangements should follow good practice for assurance and meet the minimum requirements: 

• demonstrate arrangements which align with good practice assurance requirements; 

• have arrangements which are commensurate to the risk and complexity of the proposed investment and support decision-making. 

 

​

Principles for good assurance 

​

Digital investment regardless of the priority level should already be applying the basic principles when planning and delivering assurance. These principles will provide confidence that government digital investments will achieve their objectives. 

​

​

Leadership sponsorship of assurance 

​

It is critical that the leadership within agencies actively engage with assurance activities and encourage a culture of transparency and ongoing improvement. Leadership should see assurance as a means to receive constructive advice that will increase the likelihood of success for their digital investments. It means there should be: 

• clear accountability for achieving and maintaining fit for purpose assurance activity that is promoted as essential for successful investment delivery; 

• transparency displayed by responsible senior officials and the promotion of a culture that welcomes constructive challenge; 

• implementation of agreed recommendations and subsequent monitoring so that escalation occurs when agreed timeframes are not kept; 

• senior responsible officials and governance committee/s engaging with assurance outcomes and processes to ensure they remain fit for purpose during implementation. 

 

​

Intentional planning for assurance 

​

Ensuing there is sound preparation and maintenance of appropriate assurance plans. This means there should be: 

• sound formal planning for assurance, with active monitoring to support iteration of the plan during delivery and when the risk context changes; 

• adequate budget and resources for assurance activities are reflected in plans and the Business Case; 

• coordination of all sources of assurance to avoid duplication to ensure the focus of assurance is on the most important areas; 

• assurance activity based upon the lessons learned from previous, similar investments; 

• clear roles and responsibilities for assurance with governance mechanisms and confirmation of specific roles (such as the Senior Responsible Official). 

​

​

Enable good decision making 

​

Assurance should be an enabler that uses good information to support sound timely decisions. This means there should be: 

• clear and agreed investment outcomes and expected benefits and assessments of delivery confidence; 

• decisions points around key milestones; 

• clear assurance information that supports informed decision-making using consistent definitions and standards; 

• sound and well-run governance mechanisms so that oversight functions that have the right level of access to transparent assurance activity and can easily determine where to focus escalations. 

 

​

Sharp focus on risk and outcomes 

​

Assurance activities should have a sharp focus on assessing the key risks to delivery, and the outcomes being sought. This means there should be: 

• fit for purpose assurance activities that are mapped to key risks inhibiting the realisation of investment goals; 

• forward looking, proactive mindset to assurance centred around supporting the investment maintain delivery confidence. 

• good support to governance committees and the Senior Responsible officials to help them identity high priority risks and prioritise their efforts accordingly. 

​

​

Expert-led and independent 

​

Assurance activities needs to be supported by independent expert reviewers. Ideally, the reviewers should have experience with digital investments of a similar scale and complexity. This means that there should be: 

 

• adequate understanding of assurance activities required so that the expertise of the reviewers matches and that they have the necessary skills and experience; 

• transparency around any possible conflicts of interest so that they can be managed, and the governance mechanisms and Senior Responsible Official are provided with objective and independent advice; 

• access the right people and resources required and the evidence base for their assessments can be validated; 

• reporting standards where required by the oversight function. 

 

This guidance can be used in conjunction with other GJC recommendations around government digital investment.