Purpose and scope 

The Australian Government’s Assurance Framework for Digital and ICT Investments (the Assurance Framework) ensures a robust assurance regime is achieved and maintained for in-scope investments. 

While assurance is not in itself responsible for delivering outcomes, effective risk management and assurance are critical to good governance and ensuring investments deliver expected outcomes.

Scope 

The Assurance Framework must be adhered to if both the following apply: 

As a guiding principle, a digital or ICT investment is an investment which uses technology as the primary lever for achieving expected outcomes and benefits. This includes investments which are:

  1. transforming the way people and businesses interact with the Australian Government 
  2. improving the efficiency and effectiveness of Australian Government operations, including through automation. 

The Digital Transformation Agency determines whether your investment meets the definition of a digital or ICT investment. If you are unsure whether your investment meets this definition, you must contact investment@dta.gov.au

Even if this framework does not apply to your agency or to your investment, agencies are encouraged to follow the Key Principles for Good Assurance and apply the framework to the extent it is relevant to your circumstances.

Global learnings and experience 

Independent assurance, such as gateway reviews, can provide vital challenge and support for key decisions and progress points across the project life. To work well, independent assurance should be planned in advance … [and] should be co-ordinated.

Principles for a digital future: Lessons learned from public sector ICT projects

Audit Scotland

Background 

From 1 July 2021, the Digital Transformation Agency was given whole-of-government responsibility for managing strategic coordination and oversight functions for digital and ICT investments, including during the delivery phase. 

In delivering its new mandate, the DTA is required to provide Ministers, the Secretaries Digital and Data Committee and other key stakeholders with confidence that digital and ICT investments are being well designed, are optimised to deliver value for the APS Enterprise as well as for individual agencies and, if funded, will achieve their investment objectives. 

This Assurance Framework’s goal is to maximise the value of assurance to successful delivery of digital and ICT investments, drawing on global experience and learnings. To achieve this, the framework aims to:

  • Achieve carefully planned, targeted and fit for purpose assurance for all in-scope investments, with assurance information applied effectively to improve the quality of decisions by Senior Responsible Officials (SROs) and governance boards. 
  • Maximise the value of assurance in supporting successful delivery, including through ensuring agreed recommendations are implemented in a timely manner.
  • Realise clear escalation processes which help agencies take decisive early action to recover investments at higher risk of not delivering expected benefits. 
  • Achieve a steady flow of reliable information on the condition of major investments for central agencies, supporting reporting and analysis for Cabinet and Ministers on the investment portfolio. 

Importantly, the framework does not dilute accountability for delivery which remains with agencies leading delivery. 

Learn more about the DTA’s broader digital and ICT investment oversight role.

Global learnings and experience 

Assurance provides information to those who finance, sponsor, govern and manage a project. It informs decisions that can reduce project failure, promote conditions for success and increase the chance of delivering the required outcome cost-effectively.

Assurance for major projects

National Audit Office (United Kingdom)

Definition of assurance 

In this framework, assurance is defined as independent and objective assessments and evaluations undertaken by people and entities separate to the delivery team and SRO to support decision-making. 

This definition of assurance includes: 

  • project health checks undertaken by your agency’s Enterprise Project Management Office 
  • audits undertaken by your agency’s internal audit function 
  • Australian Government Assurance Reviews (including Gateway Reviews) commissioned by Ministers and coordinated by the Department of Finance 
  • delivery assurance from independent assurance providers. 

The words ‘independent and objective’ in the definition above are very important. Assurance received from sources also providing advisory or delivery services to your investment will not meet this definition. The framework focusses on ensuring assurance is sourced from suitably independent and objective sources. 

How will the DTA assess independence and objectivity? 

The DTA will start from the position that, to be relied upon, a source of assurance advice and information needs to feel truly free to reflect openly about the investment they have been asked to assess or evaluate. 

The Independence and objectivity of a source of assurance will be assessed through several lenses including if a source of assurance has had prior involvement with an investment in a delivery or advisory capacity and whether there are any other actual or perceived conflicts of interest for the source of assurance. 

What are some examples of assurance activities likely to meet the definition? 

  • Health Check: An independent, lightweight assessment of how the investment is tracking against its benefits by an external specialist assurer. 
  • SRO Adviser: An independent advisor to the SRO with experience in similar investments. 
  • Integrated Assurance: An independent assurance team which has an ongoing presence within the investment to provide confidence in delivery. 
  • Gateway Assurance: Commissioned by the Government for high-risk and high-value investments. 
  • Go-Live Assessment: An independent review to provide additional confidence prior to a go-live decision being made. 
  • Independent Board Member: An independent, experienced board member who helps the board keep the investment on track. 
  • Targeted Review: A review of key areas of risk or an area critical to successful delivery by a specialist independent external team. 
  • Internal Audit: A review by the internal audit function of an agency, usually for high-risk investments or investments expected to make a key contribution to the achievement of the agency’s mission.

Assurance Framework overview

The DTA is responsible for providing Ministers and other key stakeholders with confidence that assurance is being applied effectively to support successful delivery of digital and ICT investments. 

The Assurance Framework helps us do this by: 

  • ensuring agencies plan for assurance by requiring investments brought forward for decision by Government apply the Key Principles for Good Assurance and meet minimum requirements 
  • overseeing assurance arrangements during delivery, including ensuring agencies continue to adhere to the Key Principles for Good Assurance and their approved Assurance Plans 
  • supporting funding release decisions by ensuring reliable assurance information is available at the right moments for Ministers and agencies 
  • triggering escalation protocols to support remediation efforts when an investment’s delivery confidence falls below certain levels. 

If your agency is bringing forward an in-scope investment (see ‘Purpose and Scope’ above), you must follow the steps below. 

Step 1: Confirm the applicable investment tier 

Under the Assurance Framework, proposed investments are assigned a tier rating, to provide the greatest support in applying the Key Principles for Good Assurance to the most strategically important, valuable and risky investments. 

The tier of an investment is determined by the DTA through an assessment against a number of factors, including the strategic significance of the investment, agency delivery history, the availability of required skills, and the maturity of the agency’s oversight arrangements. 

Step 2: Plan for assurance 

Agencies are required to plan for assurance. 

This means you must apply the Key Principles for Good Assurance and meet minimum assurance requirements applicable to the tier of the investment. The resultant Assurance Plan agreed with the DTA will be submitted to Cabinet for approval as part of the proposed investment. 

Step 3: Use assurance effectively during delivery 

Throughout the delivery of your investment, you must continue to use assurance effectively. 

This means you must deliver according to your approved Assurance Plan, continue to apply the Key Principles for Good Assurance and meet ongoing reporting and engagement requirements. 

Step 4: Follow the escalation protocols (if required) 

Investments that encounter difficulty during delivery receive additional oversight and support. This can include assistance in preparing an evidence-based remediation plan, undertaking independent health-checks and/or expert-led investment reviews. Depending on the tier and condition of an investment, as well as whether the Enhanced Notification Process applies, different escalation protocols apply. The DTA will support agencies in understanding the requirements applicable to their investments.

Key principles for good assurance

Next page

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession