Assurance Planning Requirements
The goal of structured assurance planning is to ensure that all in-scope investments proactively design fit-for-purpose and proportionate assurance arrangements which ensure, if the investment is funded, that assurance is applied effectively to support successful delivery and realisation of expected benefits.
Regardless of tier, all in-scope investments are required to agree an Assurance Plan with the DTA prior to investment decision. This plan must show how the investment will meet the Key Principles for Good Assurance as well as the requirements applicable to the tier. A specific recommendation must be included in your investment submission seeking Cabinet agreement to the Assurance Plan. The DTA will advise and support you in preparing this.
Minimum Requirements by Tier
Tier 1 and Tier 2
Assurance arrangements must address the Key Principles for Good Assurance and meet the minimum requirements laid out below.
Minimum Requirements
The DTA must be satisfied that you have:
- Mapped planned assurance activities to key risks, milestones and decision points (the DTA will assess whether the link between planned activities and achieving the investment outcomes and benefits is sufficiently clear, and check to ensure overlap is minimised and assurance is proportionate to risk).
- Integrated assurance into your governance approach (this includes in the terms of reference for governance bodies).
- Identified who is accountable for ensuring a fit-for-purpose assurance approach is achieved and maintained for the investment. This includes regularly reviewing the Assurance Plan. For Tier 1 investments, the plan should generally be reviewed at least every 6 months. For Tier 2, this would generally be at least every year.
- Put arrangements in place to meet the mandatory DTA assurance oversight requirements during delivery (including, for Tier 1 investments, participation by the DTA as an observer on the primary investment governance body).
- Budgeted for assurance.
- Planned for regular assurance activities that provide a Delivery Confidence Assessment (DCA) rating, undertaken by suitably skilled, independent and objective assurance providers using the Assurance Framework’s DCA scale outlined in the Assurance Implementation Requirements section (see page 13). For Tier 1 investments, the plan should include assurance activities resulting in a DCA rating at least quarterly. For Tier 2, the plan should include assurance activities resulting in a DCA rating at least every 6 months.
Tier 3
Assurance arrangements must address the Key Principles for Good Assurance and the minimum requirements below. The level of detail required for Tier 3 investments will be agreed between the DTA and the agency.
Minimum Requirements
The DTA must be satisfied that you have:
- Arrangements which align to the Key Principles for Good Assurance.
- Arrangements which are commensurate to the risk and complexity of the proposed investment, which will support good decision-making.
- Considered and included assurance activities that result in DCA ratings – as needed.
How DTA Assesses Assurance Plans
The level of assurance applied to an investment must always be commensurate to risk and complexity. The DTA will assess Assurance Plans with a focus on ensuring that they meet the Key Principles for Good Assurance. This includes ensuring all plans:
- Are focussed on key risks and the areas of most importance to successful delivery.
- Are designed to maximise the value of assurance to decision-making, including by timing activities to feed into key decisions.
- Have clear governance of assurance arrangements, with a focus on maximising the value of assurance including through timely implementation of recommendations.
- Manage the compliance burden placed on teams through assurance activities, including by avoiding overlap.
The DTA does not start from a position that every investment requires more assurance. In fact, if the DTA’s assessment of proposed arrangements suggests that there is excessive assurance, or that assurance from multiple sources needs to be better coordinated, the DTA may encourage an agency to reconsider the coverage or frequency of assurance activities.
Assurance and Benefits Management
Better practice benefits management applies to all digital and ICT-enabled investments irrespective of size, scale, and complexity.
Without a clear understanding of the benefits an investment is funded to deliver, decisions made during an investment’s implementation can result in the investment failing to achieve its intended outcomes.
Suitable and measurable benefits should be identified during investment planning and a culture of reporting benefits embedded in the governance and assurance activity arrangements. This approach not only enables governance bodies to manage and monitor investments to determine whether change is required but can be used as a recovery action to refocus investments on delivering what is important or essential.
Alignment and compliance with DTA’s Benefits Management Policy (BMP) is assessed by the DTA during the Digital Capability Assessment Process (DCAP) and considered throughout the delivery of an investment. As with all assurance activities, the level of BMP assessment is commensurate with investment, stage, size, and complexity.
Governance Body Participation
For all Tier 1 and some Tier 2 investments, the DTA participates as an observer on investment governance bodies to monitor assurance arrangements. This includes ensuring that the arrangements agreed in the Assurance Plan are implemented and the Key Principles for Good Assurance are effectively applied.
Lead agencies are responsible for advising the DTA of governance body information by emailing investment@dta.gov.au. Agencies must also ensure that the governance body terms of reference clearly identify DTA participation as well as the role of the governance body in overseeing assurance arrangements. This includes monitoring progress and implementing agreed recommendations.
Relationship with the Gateway Review Process
Your agency may also be required to engage with the Department of Finance to determine if any Australian Government Assurance Reviews (including Gateway reviews) will be recommended for an investment.
Assurance arrangements coordinated by the Department of Finance and the DTA are complementary to one another. When determining whether an investment’s proposed assurance arrangements are fit for purpose and meet the requirements under the Assurance Framework, the DTA takes into consideration whether Australian Government Assurance Reviews are expected to be applied.