Background
From 1 July 2021, the Digital Transformation Agency was given whole-of-government responsibility for managing strategic coordination and oversight functions for digital and ICT investments, including during the delivery phase.
In delivering its new mandate, the DTA is required to provide Ministers, the Secretaries Digital and Data Committee and other key stakeholders with confidence that digital and ICT investments are being well designed, are optimised to deliver value for the APS Enterprise as well as for individual agencies and, if funded, will achieve their investment objectives.
This Assurance Framework’s goal is to maximise the value of assurance to successful delivery of digital and ICT investments, drawing on global experience and learnings. To achieve this, the framework aims to:
- Achieve carefully planned, targeted and fit for purpose assurance for all in-scope investments, with assurance information applied effectively to improve the quality of decisions by Senior Responsible Officials (SROs) and governance boards.
- Maximise the value of assurance in supporting successful delivery, including through ensuring agreed recommendations are implemented in a timely manner.
- Realise clear escalation processes which help agencies take decisive early action to recover investments at higher risk of not delivering expected benefits.
- Achieve a steady flow of reliable information on the condition of major investments for central agencies, supporting reporting and analysis for Cabinet and Ministers on the investment portfolio.
Importantly, the framework does not dilute accountability for delivery which remains with agencies leading delivery.
Learn more about the DTA’s broader digital and ICT investment oversight role.
Definition of assurance
In the Assurance Framework, assurance is defined as independent and objective assessments and evaluations undertaken by people and entities separate to the delivery team and SRO to support decision-making.
This definition of assurance includes:
- project health checks undertaken by your agency’s Enterprise Project Management Office
- audits undertaken by your agency’s internal audit function
- Australian Government Assurance Reviews (including Gateway Reviews) commissioned by Ministers and coordinated by the Department of Finance
- delivery assurance from independent assurance providers.
The words ‘independent and objective’ in the definition above are very important. Assurance received from sources also providing advisory or delivery services to your investment will not meet this definition. The framework focusses on ensuring assurance is sourced from suitably independent and objective sources.
How will the DTA assess independence and objectivity?
The DTA will start from the position that, to be relied upon, a source of assurance advice and information needs to feel truly free to reflect openly about the investment they have been asked to assess or evaluate.
The independence and objectivity of a source of assurance will be assessed through several lenses including if a source of assurance has had prior involvement with an investment in a delivery or advisory capacity and whether there are any other actual or perceived conflicts of interest for the source of assurance.
What are some examples of assurance activities likely to meet the definition?
- Health check: An independent, lightweight assessment of how the investment is tracking against its benefits by an external specialist assurer.
- SRO adviser: An independent advisor to the SRO with experience in similar investments.
- Integrated assurance: An independent assurance team which has an ongoing presence within the investment to provide confidence in delivery.
- Gateway assurance: Commissioned by the Government for high-risk and high-value investments.
- Go-Live assessment: An independent review to provide additional confidence prior to a go-live decision being made.
- Independent board member: An independent, experienced board member who helps the board keep the investment on track.
- Targeted review: A review of key areas of risk or an area critical to successful delivery by a specialist independent external team.
- Internal audit: A review by the internal audit function of an agency, usually for high-risk investments or investments expected to make a key contribution to the achievement of the agency’s mission.
Assurance Framework overview
The DTA is responsible for providing Ministers and other key stakeholders with confidence that assurance is being applied effectively to support successful delivery of digital and ICT investments.
The Assurance Framework helps us do this by:
- Ensuring agencies plan for assurance, by requiring investments brought forward for decision by Government apply the 5 Key Principles for Good Assurance and meet minimum requirements
- Overseeing assurance arrangements during delivery, including ensuring agencies continue to adhere to the 5 Key Principles for Good Assurance and their approved Assurance Plans
- Supporting funding release decisions, by ensuring reliable assurance information is available at the right moments for Ministers and agencies
- Triggering escalation protocols to support remediation efforts when an investment’s delivery confidence falls below certain levels.
If your agency is bringing forward an in-scope investment (see ‘Purpose and Scope’ above), you must follow the steps below.
Step 1: Confirm the applicable investment tier
Under the Assurance Framework, proposed investments are assigned a tier rating, to provide the greatest support in applying the 5 Key Principles for Good Assurance to the most strategically important, valuable and risky investments.
The tier of an investment is determined by the DTA through an assessment against a number of factors, including the strategic significance of the investment, agency delivery history, the availability of required skills, and the maturity of the agency’s oversight arrangements.
Step 2: Plan for assurance
Agencies are required to plan for assurance.
This means you must apply the 5 Key Principles for Good Assurance and meet minimum assurance requirements applicable to the tier of the investment. The resultant Assurance Plan agreed with the DTA will be submitted to Cabinet for approval as part of the proposed investment.
Step 3: Use assurance effectively during delivery
Throughout the delivery of your investment, you must continue to use assurance effectively.
This means you must deliver according to your approved Assurance Plan, continue to apply the 5 Key Principles for Good Assurance and meet ongoing reporting and engagement requirements.
Step 4: Follow the escalation protocols (if required)
Investments which encounter difficulty during delivery receive additional oversight and support. This can include assistance in preparing an evidence-based remediation plan, undertaking independent health checks and/or expert-led investment reviews. Depending on the tier and condition of an investment, as well as whether the Enhanced Notification Process applies, different escalation protocols apply. The DTA will support agencies in understanding the requirements applicable to their investments.
5 Key principles for good assurance
Every in-scope investment, regardless of tier, is required to apply the Key Principles for Good Assurance when planning for and delivering assurance. When applied effectively, these principles help provide confidence that digital and ICT investments will achieve their objectives, without leading to excessive levels of assurance.
The principles were developed drawing on the DTA’s experience as well as the experience of leading digital governments and organisations including the New Zealand Government, the Government of the United Kingdom, the New South Wales Government, the Victorian Government and various private sector organisations.
1. Plan for assurance
Prepare and maintain a fit-for-purpose Assurance Plan.
This means:
- Have a formal plan for assurance, monitor and iterate the plan during delivery and as the risk posture of the investment changes.
- Budget for assurance activities in your business case.
- Ensure all sources of assurance are coordinated, avoiding duplication and overlap and focussing assurance on the most important areas.
- Ensure your Assurance Plan is informed by experience in similar investments.
- Have clear roles and responsibilities for assurance, including for your governance bodies and SRO.
2. Drive good decisions
Assurance should provide timely, reliable information to inform key decisions.
This means:
- Assurance is grounded in the agreed investment outcomes and expected benefits, and presents clear assessments of delivery confidence.
- Assurance is organised around key decisions points such as go-live points, key milestones, and funding release points.
- Assurance information is unambiguous, supports informed decision-making and uses consistent definitions and standards to support comparisons over time (e.g. using common delivery confidence ratings and priority ratings for recommendations).
- Governance bodies and central agencies have unimpeded access to full assurance opinions and reports and use assurance information to focus their support and attention where it is most needed.
3. Expert-led and independent
Assurance should be provided by credible and suitably independent reviewers with the right skills and experience to assure an investment of your scale and complexity.
This means:
- Assurance activities are carefully scoped, and the review team’s skills and experience assessed to ensure they are suitably skilled and experienced.
- Conflicts of interest for the review team are identified and managed, with the governance committee and SRO ensuring that the provider has necessary independence and objectivity.
- The provider is supported in accessing the people and resources they require, and the evidentiary standard for their assessments/evaluations is clearly identified in their reporting.
- The provider adopts relevant reporting standards, including, for example, the use of the DTA’s delivery confidence scale included at Assurance Implementation Requirements.
4. Culture and tone at the top
Investment leadership engages positively with assurance and drives a culture of continuous improvement and transparency welcoming of constructive challenge.
This means:
- There is clear accountability for achieving and maintaining a fit-for-purpose assurance approach, and assurance is actively promoted as a valuable partner in securing successful delivery.
- There is an openness displayed by responsible senior executives to external scrutiny and constructive challenge, and this outlook is expected of their teams.
- Implementation of agreed recommendations is actively monitored and escalated when agreed timeframes are not being met.
- The SRO and key governance committee/s actively engage with assurance planning and outcomes, with a focus on ensuring the assurance regime remains fit for purpose during the delivery phase.
5. Focus on risk and outcomes
Assurance activities should focus on assessing key risks to successful delivery, and impact on success.
This means:
- Assurance activities should always be mapped to key risks to realising investment objectives.
- Assurance should always be forward-looking and focus on supporting the investment to maintain delivery confidence.
- Assurance should help governance committees and the SRO stay across the most important risks and prioritise their efforts and attention on the most important aspects for successful delivery.
SRO requirements
Leadership, particularly of major digital investments, can be complex and challenging. The SRO of a digital investment plays a vital role in the system of assurance that supports successful delivery.
As the official with ultimate accountability for the investment’s delivery, SROs are required to champion assurance that is fit-for-purpose and aligned to risk and complexity. This is reflected through one of the 5 Key Principles of Good Assurance, as ‘culture and tone at the top’ – requiring senior executives to drive a culture of continuous improvement and transparency through fit-for-purpose assurance arrangements.
Often, SROs are stretched across multiple strategic priorities with many dependencies and risks. Carefully planned and executed assurance will prove to be a valuable partner to a busy SRO, helping them stay on top of the critical issues and to inform better decisions, increasing their chances of success.
To guide the successful delivery of a digital investment, an SRO needs to:
- Promote assurance as a valuable partner of the project through the relevant governance body.
- Actively engage in assurance planning and monitoring, providing advice and escalating when required.
- Acknowledge their own skills, project needs and knowledge gaps and structure the governance body and project team accordingly.
- Ensure the Assurance Plan is reviewed by the governance body at regular intervals and at least as often as the relevant tier requires. This is key to ensuring the plan continues to be fit-for-purpose.
- Ensure assurance providers are suitably skilled, independent and objective.
- Ensure assurance activities are providing high quality assurance information to support decision-making.
- Monitor the implementation of assurance recommendations.
It is important that SROs receive appropriate support and capability development to help navigate the challenges faced delivering a digital investment. The criticality of the SRO role in supporting the success of digital projects means that the DTA will generally not support proposals which have more than one SRO or have the core responsibilities of an SRO delegated to another person.
Tiering of investments
Each in-scope investment will be assigned one of 3 tiers under the DTA’s Investment Tiering Model. This model is designed to focus oversight attention and support for applying the 5 Key Principles for Good Assurance on the most important investments. The model also helps ensure lower risk and lower value investments are not unnecessarily burdened by excessive levels of oversight of their assurance arrangements.
The tier of an investment is determined by the DTA in consultation with the proponent agency for an in-scope digital or ICT investment. Tiers are determined during the contestability stage of the investment lifecycle before proposals are brought forward for an investment decision by Cabinet.
- Tier 1 – Flagship digital investments: Tier 1 investments represent the Australian Government’s most complex and strategically significant digital or ICT investments, responsible for transforming the experience of people and business and realising the APS Enterprise view by improving the efficiency and effectiveness of government operations.
- Tier 2 – Strategically significant digital investments: Tier 2 investments are usually complex and strategically significant digital or ICT investments but may not have the same whole-of-government emphasis or the same criticality to the digital agenda as Tier 1 investments or, if they do, they are of lower estimated total cost.
- Tier 3 – Significant digital investments: Tier 3 investments are significant digital or ICT investments. They are likely focussed on meeting the needs of one agency or, sometimes, a small group of agencies. They generally represent lower risk.
The tier is determined through a combination of a weighted priority score and the estimated total cost to implement the proposal. The weighted priority score is calculated through a DTA-led assessment of more than 16 factors which canvass implementation risk and complexity, strategic importance, and the consequences of delivery failure. The DTA conducts this assessment in consultation with relevant agencies.
| Estimated total cost and respective tier | |||||
|---|---|---|---|---|---|
| Weighted priority score | $0 to $10 million | $11–$50 million | $51–$150 million | $151–$400 million | >$400 million |
| 0.0–1.9 | 3 | 3 | 3 | 2 | 2 |
| 2.0–2.4 | 3 | 3 | 2 | 2 | 2 |
| 2.5–2.9 | 3 | 2 | 2 | 2 | 1 |
| 3.0–3.4 | 2 | 2 | 2 | 1 | 1 |
| 3.5–3.9 | 2 | 2 | 1 | 1 | 1 |
| 4.0–5.0 | 2 | 1 | 1 | 1 | 1 |
Image description
Text
OffDepending on the tier your investment is assigned, different minimum assurance planning, assurance implementation and escalation protocol requirements will apply. To confirm your investment tier, please contact investment@dta.gov.au.
Assurance Planning Requirements
The goal of structured assurance planning is to ensure that all in-scope investments proactively design fit-for-purpose and proportionate assurance arrangements which ensure, if the investment is funded, that assurance is applied effectively to support successful delivery and realisation of expected benefits.
Regardless of tier, all in-scope investments are required to agree an Assurance Plan with the DTA prior to investment decision. This plan must show how the investment will meet the 5 Key Principles for Good Assurance as well as the requirements applicable to the tier. A specific recommendation must be included in your investment submission seeking Cabinet agreement to the Assurance Plan. The DTA will advise and support you in preparing this.
Minimum Requirements by Tier
Tier 1 and Tier 2
Assurance arrangements must address the 5 Key Principles for Good Assurance and meet the minimum requirements laid out below.
Minimum Requirements
The DTA must be satisfied that you have:
- Mapped planned assurance activities to key risks, milestones and decision points (the DTA will assess whether the link between planned activities and achieving the investment outcomes and benefits’ are sufficiently clear, and check to ensure overlap is minimised and assurance is proportionate to risk).
- Integrated assurance into your governance approach (this includes in the terms of reference for governance bodies).
- Identified who is accountable for ensuring a fit for purpose assurance approach is achieved and maintained for the investment. This includes regularly reviewing the Assurance Plan. For Tier 1 investments, the plan should be reviewed at least every 6 months. For Tier 2, this would generally be at least every year.
- Put arrangements in place to meet the mandatory DTA assurance oversight requirements during delivery (including, for Tier 1 investments, participation by the DTA as an observer on the primary investment governance body).
- Budgeted for assurance.
- Planned for regular assurance activities that provide a Delivery Confidence Assessment (DCA) rating, undertaken by suitably skilled, independent and objective assurance providers using the Assurance Framework’s DCA scale outlined in the Assurance Implementation Requirements section (see page 13). For Tier 1 investments, the plan should include assurance activities resulting in a DCA rating at least quarterly. For Tier 2, the plan should include assurance activities resulting in a DCA rating at least every 6 months.
Tier 3
Assurance arrangements must address the 5 Key Principles for Good Assurance and the minimum requirements below. The level of detail required for Tier 3 investments will be agreed between the DTA and the agency.
Minimum Requirements
The DTA must be satisfied that you have:
- Arrangements which align to the 5 Key Principles for Good Assurance.
- Arrangements which are commensurate to the risk and complexity of the proposed investment, which will support good decision-making.
- Considered and included assurance activities that result in DCA ratings – as needed.
How DTA Assesses Assurance Plans
The level of assurance applied to an investment must always be commensurate to risk and complexity. The DTA will assess Assurance Plans with a focus on ensuring that they meet the 5 Key Principles for Good Assurance. This includes by ensuring all plans are:
- Focussed on key risks and the areas of most importance to successful delivery.
- Designed to maximise the value of assurance to decision-making, including by timing activities to feed into key decisions.
- Have clear governance of assurance arrangements, with a focus on maximising the value of assurance including through timely implementation of recommendations.
- Manage the compliance burden placed on teams through assurance activities, including by avoiding overlap.
The DTA does not start from a position that every investment requires more assurance. In fact, if the DTA’s assessment of proposed arrangements suggests that there is excessive assurance, or that assurance from multiple sources needs to be better coordinated, the DTA may encourage an agency to reconsider the coverage or frequency of assurance activities.
Assurance and Benefits Management
Better practice benefits management applies to all digital and ICT-enabled investments irrespective of size, scale, and complexity.
Without a clear understanding of the benefits an investment is funded to deliver, decisions made during an investment’s implementation can result in the investment failing to achieve its intended outcomes.
Suitable and measurable benefits should be identified during investment planning and a culture of reporting benefits embedded in the governance and assurance activity arrangements. This approach not only enables governance bodies to manage and monitor investments to determine whether change is required but can be used as a recovery action to refocus investments on delivering what is important or essential.
Alignment and compliance with DTA’s Benefits Management Policy (BMP) is assessed by the DTA during the Digital Capability Assessment Process (DCAP) and considered throughout the delivery of an investment. As with all assurance activities, the level of BMP assessment is commensurate with investment, stage, size, and complexity.
Governance Body Participation
For all Tier 1 and some Tier 2 investments, the DTA participates as an observer on investment governance bodies to monitor assurance arrangements. This includes ensuring that the arrangements agreed in the Assurance Plan are implemented and the 5 Key Principles for Good Assurance are effectively applied.
Lead agencies are responsible for advising the DTA of governance body information by emailing investment@dta.gov.au. Agencies must also ensure that the governance body terms of reference clearly identifies DTA participation as well as the role of the governance body in overseeing assurance arrangements. This includes monitoring progress and implementing agreed recommendations.
Relationship with the Gateway Review Process
Your agency may also be required to engage with the Department of Finance to determine if any Australian Government Assurance Reviews (including Gateway reviews) will be recommended for an investment.
Assurance arrangements coordinated by the Department of Finance and the DTA are complementary to one another. When determining whether an investment’s proposed assurance arrangements are fit-for-purpose and meet the requirements under the Assurance Framework, the DTA takes into consideration whether Australian Government Assurance Reviews are expected to be applied.
The Digital Experience Policy (DX Policy)
Excellent digital services focus on the end-user. The Digital Experience Policy ensures this by mandating four standards that prioritise usability and accessibility from the outset of digital investments. Agencies are required to demonstrate compliance with the DX Policy and any applicable standards, including during project delivery. More information on how the DTA is ensuring compliance with the DX Policy is outlined in the Digital Experience Compliance and Reporting Framework Projects which are in-scope of the DX Policy should include relevant assurance activities in their Assurance Plans which ensure digital experiences enabled through the project will meet the policy requirements. This might include requiring that DX Policy compliance be assessed as part of a solution design review and/or as part of go-live assessments
Assurance implementation requirements
If an in-scope investment is funded, the DTA’s focus turns to monitoring implementation of agreed assurance arrangements and ensuring that minimum requirements continue to be met. This work is undertaken to ensure that assurance advice and information obtained by investments is of consistently high-quality, is sufficiently independent and is used effectively to support decision-making and maintain delivery confidence.
Regardless of tier, investments are required to continue to apply the Key Principles for Good Assurance during delivery. Additionally, all investments should be benefits-led where the primary focus is on delivering value. The DTA’s Benefits Management Policy provides guidance on this topic.
Requirements by Tier
Tier 1
You must show that assurance is being applied effectively throughout delivery, including by continuing to apply the Key Principles for Good Assurance. You must also meet the following minimum requirements:
- Include DTA representation on your investment’s governance committee.
- Agree terms of reference for external assurance activities with the DTA prior to commencement.
- When approaching the market for independent assurance providers, agree approach to market materials with the DTA.
- Review and update your Assurance Plan through the governance committee with DTA representation every six (6) months (or as otherwise stated in your Assurance Plan), and provide the updated version to the DTA for review and agreement.
- Provide draft and final assurance reports to the DTA for oversight purposes. Note that Gateway Review reports will be handled in accordance with agreed protocols for the handling of Gateway material.
- Ensure governance bodies with DTA representation receive regular reporting on progress implementing agreed assurance recommendations.
- Advise the DTA when there is a material variation from planned assurance arrangements.
Tier 2
You must show that assurance is being applied effectively throughout delivery, including by continuing to apply the Key Principles for Good Assurance. You must also meet the following minimum requirements:
- Provide terms of reference for external assurance activities as endorsed by the SRO to the DTA for comment prior to commencement.
- Review and update your assurance plan through your governance body at least every 12 months, and provide the updated version to the DTA for review.
- Provide final assurance reports to the DTA for oversight purposes. Note that Gateway Review reports will be handled in accordance with agreed protocols for the handling of Gateway material.
- Provide summary reporting to the DTA on recommendation implementation progress.
- Advise the DTA when there is a material variation from planned assurance arrangements.
Tier 3
You must show that assurance is being applied effectively throughout delivery, including by continuing to apply the Key Principles for Good Assurance. You must also meet the following minimum requirements:
- Provide final assurance opinions and reports to the DTA for oversight purposes. Note that Gateway Review reports will be handled in accordance with agreed protocols for the handling of Gateway material.
- Advise the DTA when there is a material variation from planned assurance arrangements.
Delivery confidence assessments during implementation
The DTA draws heavily on assurance information to inform and focus its oversight and engagement across the portfolio of in-flight digital and ICT investments.
Delivery Confidence Assessment (DCA) ratings result from independent assurance activities that agencies conduct. These confidence ratings provide an indication of an investment’s overall trajectory to deliver on intended outcomes and benefits.
As per assurance planning requirements articulated in the previous sections:
- Tier 1 investments are required to conduct assurance activities resulting in a DCA on a quarterly basis with draft and final assurance reports provided to the DTA.
- Tier 2 investments are required to conduct assurance activities resulting in a DCA on a biannual basis with final assurance reports provided to the DTA.
- Tier 3 investments are recommended to conduct assurance activities resulting in a DCA as needed with final assurance reports provided to the DTA.
Consistency in how DCAs are defined is critical to the effectiveness of the DTA’s oversight. Assurance activities that require the inclusion of a DCA in reports provided to the DTA must use the below definitions which align to the DCA ratings used for Australian Government Assurance Reviews or, with the agreement of the DTA, use other definitions which map to the below ratings.
| Rating | Description |
|---|---|
| High | Successful delivery of the investment to time, cost, quality standards and benefits realisation appears highly likely and there are no major outstanding issues that at this stage appear to threaten delivery significantly. |
| Medium High | Successful delivery of the investment to time, cost, quality standards and benefits realisation appears probable however constant attention will be needed to ensure risks do not become major issues threatening delivery. |
| Medium | Successful delivery of the investment against budget, schedule, scope and benefits, appears feasible but significant issues already exist, requiring management attention. These appear resolvable at this stage and, if addressed promptly, should not present a cost/schedule overrun or loss/delay of benefits. |
| Medium Low | Successful delivery of the investment requires urgent action to address major risks or issues in a number of key areas. Changes to budget, schedule, scope or benefits may be necessary if the investment is to be delivered successfully. |
| Low | Successful delivery of the investment requires changes to budget, schedule, scope or benefits. There are major issues with investment definition, schedule, budget, quality and/or benefits delivery, which don't appear to be manageable or resolvable without such changes being made. |
Note: Depending on the tier your investment is assigned, different minimum assurance planning, assurance implementation and escalation protocol requirements will apply. To confirm your investment tier, please contact investment@dta.gov.au.
Guidance for assessing DCAs
Guidance for assessing DCAs The DTA has collaborated with academia to develop guidance for assessing the delivery confidence of digital projects. For more information, visit the DTA’s Digital project research series.
Major Digital Projects Report
Major Digital Projects Report DCA ratings are released publicly every year through the Major Digital Projects Report (unless exempt, including due to national security considerations). This report provides transparency over digital project performance for Parliament and Australians.
For more information on the report, please contact portfolio.assurance@dta.gov.au
Escalation protocols
Assurance escalation protocols focus on supporting agencies in the timely resolution of delivery challenges experienced by their investments, as well as keeping Ministers and senior leaders informed of underperforming digital and ICT investments.
The DTA advises the Government on the progress of major digital projects through regular reporting to the Minister for Finance. This is primarily focused on building visibility of overall portfolio performance and systemic issues which would benefit from whole-of-government responses consistent with the DTA’s mandate.
Before applying the protocols, the DTA will engage with the lead agency to further understand sources of stress and how the DTA can best support recovery. This stage, known as triage, will ultimately determine whether escalation protocols are necessary and which protocol is the most appropriate.
Escalation protocols are triggered based on an investment’s Delivery Confidence Assessments (DCAs) and other relevant assurance information. There are three escalation protocols, these are Remediation Plan, Independent Health Check and Investment Review Meeting.
Remediation plan
This involves the lead agency preparing a structured, evidence-based plan to restore delivery confidence in the investment. The plan must be action-oriented, with clear individual accountability for implementation. The Remediation Plan is assessed by the DTA, with quarterly updates provided to Cabinet on progress.
Remediation Plans are generally required from all Tier 1 and Tier 2 investments when DCAs are at Medium or below. Tier 3 investments must complete Remediation Plans when DCAs are at Medium-Low or below but are recommended to complete them starting from Medium.
Independent health check
An independent assurer is engaged by the agency (in consultation with the DTA), to independently assess the viability of recovering the investment based on the active Remediation Plan, recommending any changes to the plan if required.
The independent health check is triggered at the DTA’s discretion when efforts to remediate the investment (including application of the Remediation Plan) have been unsuccessful and delivery confidence is Medium-Low or below.
Investment review meeting
This is the final protocol. This protocol sees the DTA convene a meeting of relevant central agencies and the lead agency to conduct a review of the basis of the investment, and recommend to Government whether to terminate, suspend, or continue to attempt to remediate.
Termination: in circumstances where remediation is not considered viable, and options to reshape the investment are limited or unlikely to succeed, recommending that the investment be ceased.
Suspending: the lead agency is to minimise activity and spend to the extent practicable whilst options are formulated and brought forward for Cabinet decision.
Continuing to remediate: applying an action plan agreed by the DTA, relevant central agencies and the lead agency as presenting a confident path back to green. Progress implementing this remediation plan will be closely monitored, with a further Investment Review Meeting scheduled at least every three months.
The Investment Review Meeting protocol will be triggered at the DTA’s discretion when any investment reaches a Low DCA. It may be triggered at higher DCA ratings at the DTA’s discretion, including when an investment is at Medium-Low but reporting a worsening trajectory.
When protocols are applied
The DTA’s decision whether to apply any of the escalation protocols will take into consideration whether the investment is currently the subject of the Enhanced Notification Process coordinated by the Department of Finance, and any other extant processes which engage Cabinet in reviewing the condition and trajectory of an investment such as the Department of Defence’s Projects of Concern regime.
As a starting principle, the escalation protocols do not apply to the extent they overlap or duplicate a requirement already triggered through the Enhanced Notification Process.
The DTA and the Department of Finance will work with agencies to explain requirements in this situation. The DTA will advise agencies when a protocol is required to be applied and provide ongoing support to ensure agencies are able to meet the requirements of the escalation protocols.
Benefits Management Policy FAQs
What is the Benefits Management Policy (BMP)?
What is benefits management?
Benefits management is the identification, quantification, analysis, planning, tracking, realisation, and optimisation of benefits. It is an important change discipline that, when applied effectively, increases confidence in realising intended benefits and demonstrating the success of investments.
What is the BMP?
The BMP is a best-practice policy that standardises benefits management practices and defines how benefits must be managed across the Australian Government digital and ICT portfolio.
The BMP includes Policy, Standard, Guidance and Process components that detail investment oversight requirements and provide guidance on benefits management.
The DTA supports agencies to apply the BMP during the Digital Capability Assessment Process (DCAP) to ensure agencies are better placed to realise the benefits from digital and ICT-enabled investments.
Who developed the BMP?
The DTA developed the BMP, which is predominantly based on APMG-International’s Managing Benefits™ methodology and definitions. When developing the BMP, the DTA undertook a robust discovery and consultation process, engaged with numerous entities in Australia and overseas, and drew on existing literature and best practice publications.
Why was a whole-of-government digital and ICT BMP developed?
The Digital Review (2021) and other DTA internal reviews identified substantial gaps in benefit measurement, management and oversight across the Australian Government’s Digital and ICT Portfolio. The Digital Review included a recommendation to ‘develop and mandate whole-of-government digital and ICT initiative benefits realisation, outcome tracking, and implementation oversight’. In the absence of an overarching benefits framework that details a consistent way of identifying and baselining benefits, agencies are looking to DTA to provide a position and guidance around digital investment benefits management.
Where can I find the BMP document?
The BMP document can be downloaded from the Benefits Management Policy page.
How will the BMP impact my agency
How is the BMP relevant to my agency?
The BMP is now included in the Digital Capability Assessment Process (DCAP). This means that all digital and ICT-enabled proposals that are subject to the Investment Oversight Framework will now be assessed for compliance with the BMP before proceeding to Cabinet for decision.
What is the DCAP?
The Digital Capability Assessment Process (DCAP) underpins the Digital and ICT Investment Oversight Framework (IOF) and is used by the DTA to assess digital and ICT-enabled investment proposals being presented for Cabinet decision. Specifically, proposals are assessed for their compliance and alignment with whole-of-government digital and ICT policies and standards and the resultant DCAP assessment may determine whether a proposal goes forward for Government consideration.
Is the BMP assessment a mandatory inclusion in the DCAP?
Yes, Cabinet has mandated the BMP for all proposals coming forward to Budget in 2024-25 and beyond.
How does the DCAP assess a proposal for BMP compliance?
Full information about the DCAP BMP assessment process can be found in the BMP document.
Our agency already has an established enterprise benefits management framework. Are we required to adopt the BMP?
Agencies are free to use existing tools, templates, and guidance from their respective enterprise level benefits management frameworks, provided they comply with the BMP. Benefits management, as a discipline, may vary in some respects but outcomes are mostly similar.
Are expectations scaled to the size and complexity of the investment?
Better practice benefits management principles are equally applicable across all investments irrespective of size, scale, and complexity. As such, all digital and ICT-enabled investment proposals are expected to articulate the purpose of their investment, including defining key anticipated outcomes and how improvement against those outcomes with be measured, monitored, and optimised. DTA Investment Advisors have some discretion with respect to the level of detail and documentation expected for each investment, provided that the DCAP assessment criteria are met.
What resources are available to help agencies
Does the DTA have benefits management tools and templates?
The DTA is building a repository of benefits management templates and guidance based on best practice examples and feedback received by the DTA. Interim templates and guidance can be downloaded from the AGA Website.
What other guidance is available?
There are a number of resources published by other government jurisdictions that may be of use to agencies that do not have a dedicated benefits management suite. DTA recommends the following resources:
- UK Government – Managing Benefits from Projects and Programmes: Guide for Practitioners provides general guidance for benefits management.
- Victoria State Government – Investment Management Standard (IMS) provides guidance for delivering benefit discovery workshops and mapping benefits using the Investment Logic Mapping (ILM) technique. This resource includes examples and a detailed practitioner’s guide.
- NSW State Government – Benefits Realisation Management Framework includes a suite of templates such as benefits profiles and benefits realisation plans.
When should I speak to the DTA about my proposal and benefits management compliance?
Agencies are required to engage with the DTA at the earliest opportunity when preparing digital and ICT-enabled investment proposals. This ensures there is sufficient time for the DTA to work with agencies to ensure their proposals align and comply with relevant whole-of-government digital and ICT policies and standards. To speak to an investment Advisor, contact investment@dta.gov.au.
What the DTA will do
The DTA provides strategic and planning advice relating to digital and ICT investment including a prioritised list of proposals to help inform government investment decisions as a part of the Budget and Mid-Year Economic and Fiscal Outlook (MYEFO) process.
The prioritisation process involves an assessment of agency proposals against the 5 missions of the Data and Digital Government Strategy along with other general prioritisation criteria set:
Delivering for people and business
- Does the proposal improve the ease of individual's engagement with government?
- Does the proposal deliver of efficiencies for businesses, industry and other organisations?
Simple and seamless services
- Does the proposal improve government productivity?
- How aligned is the proposal to the Australian Government Architecture?
Government for the future
- Does the proposed investment contribute to the positioning of government to be fit for the digital age and respond to longer term emerging digital and ICT needs?
- The extent to which the proposed investment delivers on government priorities.
Trusted and secure
- The extent to which the proposed investment safeguards the security of government information.
- The extent to which the proposal enhances governments reputation and trust.
Data and digital foundations
- Does the proposal promote data sharing and enable integration with other government agencies?
- Is there good evidence of planning that improves the likelihood of project success?
- Has the proposal engaged with the system of assurance?
General prioritisation
- rigour of cost estimates
- maturity of benefit analysis
- consideration of implementation risk
- dependency mapping.
Following assessment against the prioritisation criteria the assessment outcomes are subject to a peer review and internal workshop with other states of the IOF.
Proposal assessments are then moderated by external senior government officials from across the Australian Public Service (APS). Agencies have an opportunity to review the assessment outcomes prior to finalisation of the prioritised list of proposals.