Assurance implementation requirements

If an in-scope investment is funded, the DTA’s focus turns to monitoring implementation of agreed assurance arrangements and ensuring that minimum requirements continue to be met. This work is undertaken to ensure that assurance advice and information obtained by investments is of consistently high-quality, is sufficiently independent and is used effectively to support decision-making and maintain delivery confidence. 

Regardless of tier, investments are required to continue to apply the Key Principles for Good Assurance during delivery. Additionally, all investments should be benefits-led where the primary focus is on delivering value. The DTA’s Benefits Management Policy provides guidance on this topic.

Requirements by Tier 

Tier 1 

You must show that assurance is being applied effectively throughout delivery, including by continuing to apply the Key Principles for Good Assurance. You must also meet the following minimum requirements: 

  • Include DTA representation on your investment’s governance committee. 
  • Agree terms of reference for external assurance activities with the DTA prior to commencement. 
  • When approaching the market for independent assurance providers, agree approach to market materials with the DTA. 
  • Review and update your Assurance Plan through the governance committee with DTA representation every six (6) months (or as otherwise stated in your Assurance Plan), and provide the updated version to the DTA for review and agreement. 
  • Provide draft and final assurance reports to the DTA for oversight purposes. Note that Gateway Review reports will be handled in accordance with agreed protocols for the handling of Gateway material. 
  • Ensure governance bodies with DTA representation receive regular reporting on progress implementing agreed assurance recommendations. 
  • Advise the DTA when there is a material variation from planned assurance arrangements. 

Tier 2 

You must show that assurance is being applied effectively throughout delivery, including by continuing to apply the Key Principles for Good Assurance. You must also meet the following minimum requirements: 

  • Provide terms of reference for external assurance activities as endorsed by the SRO to the DTA for comment prior to commencement. 
  • Review and update your assurance plan through your governance body at least every 12 months, and provide the updated version to the DTA for review. 
  • Provide final assurance reports to the DTA for oversight purposes. Note that Gateway Review reports will be handled in accordance with agreed protocols for the handling of Gateway material. 
  • Provide summary reporting to the DTA on recommendation implementation progress. 
  • Advise the DTA when there is a material variation from planned assurance arrangements. 

Tier 3 

You must show that assurance is being applied effectively throughout delivery, including by continuing to apply the Key Principles for Good Assurance. You must also meet the following minimum requirements: 

  • Provide final assurance opinions and reports to the DTA for oversight purposes. Note that Gateway Review reports will be handled in accordance with agreed protocols for the handling of Gateway material. 
  • Advise the DTA when there is a material variation from planned assurance arrangements.

Delivery confidence assessments during implementation 

The DTA draws heavily on assurance information to inform and focus its oversight and engagement across the portfolio of in-flight digital and ICT investments. 

Delivery Confidence Assessment (DCA) ratings result from independent assurance activities that agencies conduct. These confidence ratings provide an indication of an investment’s overall trajectory to deliver on intended outcomes and benefits. 

As per assurance planning requirements articulated in the previous sections: 

  • Tier 1 investments are required to conduct assurance activities resulting in a DCA on a quarterly basis with draft and final assurance reports provided to the DTA. 
  • Tier 2 investments are required to conduct assurance activities resulting in a DCA on a biannual basis with final assurance reports provided to the DTA. 
  • Tier 3 investments are recommended to conduct assurance activities resulting in a DCA as needed with final assurance reports provided to the DTA. 

Consistency in how DCAs are defined is critical to the effectiveness of the DTA’s oversight. Assurance activities that require the inclusion of a DCA in reports provided to the DTA must use the below definitions which align to the DCA ratings used for Australian Government Assurance Reviews or, with the agreement of the DTA, use other definitions which map to the below ratings.

RatingDescription
HighSuccessful delivery of the investment to time, cost, quality standards and benefits realisation appears highly likely and there are no major outstanding issues that at this stage appear to threaten delivery significantly.
Medium HighSuccessful delivery of the investment to time, cost, quality standards and benefits realisation appears probable however constant attention will be needed to ensure risks do not become major issues threatening delivery.
MediumSuccessful delivery of the investment against budget, schedule, scope and benefits, appears feasible but significant issues already exist, requiring management attention. These appear resolvable at this stage and, if addressed promptly, should not present a cost/schedule overrun or loss/delay of benefits.
Medium LowSuccessful delivery of the investment requires urgent action to address major risks or issues in a number of key areas. Changes to budget, schedule, scope or benefits may be necessary if the investment is to be delivered successfully.
LowSuccessful delivery of the investment requires changes to budget, schedule, scope or benefits. There are major issues with investment definition, schedule, budget, quality and/or benefits delivery, which don't appear to be manageable or resolvable without such changes being made.

Note: Depending on the tier your investment is assigned, different minimum assurance planning, assurance implementation and escalation protocol requirements will apply. To confirm your investment tier, please contact investment@dta.gov.au.

Guidance for assessing DCAs

Guidance for assessing DCAs The DTA has collaborated with academia to develop guidance for assessing the delivery confidence of digital projects. For more information, visit the DTA’s Digital project research series.

Major Digital Projects Report 

Major Digital Projects Report DCA ratings are released publicly every year through the Major Digital Projects Report (unless exempt, including due to national security considerations). This report provides transparency over digital project performance for Parliament and Australians. 

For more information on the report, please contact portfolio.assurance@dta.gov.au

Escalation protocols

Next page

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession