• Medium

    A scope referencing business need, developed with some consultation with users, suppliers, project team and senior management. Change control processes exist but is incomplete or needs improvement. Movement of scope between tranches is reflected in adjusted budget and schedule.

    Off
  • Implement security measures

     

    Secure by design: Use the Information Security Manualthe Essential Eight and other resources from the Australian Cyber Security Centre to thoroughly assess your service’s threats, posture and protections. Plan for which requirements and system hardening will support your service throughout design, build, operation and decommissioning.

    Off
  • Medium low

    A scope that lacks sufficient definition or clarity on acceptance criteria. Informal or undocumented change control.

    Off
  • Low

    Absence of scope definition or acceptance criteria. Change is not being controlled or substantial scope is being moved to subsequent tranches.

    Off

    • A clear scope with measurable acceptance criteria, aligned to business need, refined through recent consultation with users, suppliers, project team and senior management, including benefits realisation activities. Change is minimal and well controlled.

    • A clear scope with acceptance criteria aligned to business need, developed through consultation with users, suppliers, project team and senior management, including benefits realisation activities. Change control may be slow to reflect implications of change across project.

    • A scope referencing business need, developed with some consultation with users, suppliers, project team and senior management. Change control processes exist but is incomplete or needs improvement. Movement of scope between tranches is reflected in adjusted budget and schedule.

    • A scope that lacks sufficient definition or clarity on acceptance criteria. Informal or undocumented change control.

    • Absence of scope definition or acceptance criteria. Change is not being controlled or substantial scope is being moved to subsequent tranches.

  • Risk management 

    Risk management practices are reflected throughout the other categories, however delivery confidence can be improved with evidence of proactive risk management, clear and appropriate ownership of risk and active management of issues. 

    Confidence is impacted where risk management is treated exclusively as a compliance exercise, where risk controls do not materially reduce risk or where there is blame and confusion result from risks being triggered.

  • DCA tolerances

  • High

    Risks are actively discussed and managed in governance forums and aligned with the risk register. Ownership of risk and related activity is clear. Controls are effective.

    Off
  • Medium high

    There is a sufficient understanding and reporting of the material risks impacting the project.

    Off
  • Medium

    Risk management is a compliance activity. There is limited understanding and awareness of the key risks impacting the project.

    Off
  • Medium low

    There are significant risks and issues that are not adequately controlled or reported.

    Off
  • Low

    There is minimal understanding of the key risks, there are significant issues impacting project delivery and finger pointing on who is responsible.

    Off

    • Risks are actively discussed and managed in governance forums and aligned with the risk register. Ownership of risk and related activity is clear. Controls are effective.

    • There is a sufficient understanding and reporting of the material risks impacting the project.

    • Risk management is a compliance activity. There is limited understanding and awareness of the key risks impacting the project.

    • There are significant risks and issues that are not adequately controlled or reported.

    • There is minimal understanding of the key risks, there are significant issues impacting project delivery and finger pointing on who is responsible.

  • Commercial management

    Factors that improve delivery confidence in commercial management include flexibility in the contract to allow for learning and change in delivery, clarity in the roles and responsibilities and appropriate risk/reward sharing.

    Contracts should include clearly defined management processes, incentives and deliverables, and should be designed to avoid counterproductive terms and conditions, such as over reliance on individual day rate contractors.

    • Other factors to consider when assessing delivery confidence include the supplier performance, supplier capacity and capability, and the degree of integration of suppliers in the delivery organisation.
    • Early engagement with commercial partners can also improve delivery confidence, developing stronger working relationships and a more realistic understanding of objective feasibility.

  • DCA tolerances

  • High

    Procurement decisions are made on detailed analysis of reliable and complete data. The contract has clearly defined deliverables, management processes and anticipates change. There is a productive relationship between the agency and contractors.

    Off
  • Medium high

    Procurement decisions are made on analysis of data. The contract has defined deliverables, management processes and anticipates change. There is an established relationship between the agency and contractors.

    Off
  • Medium

    Procurement decisions are made on data. The contract identifies deliverables but does not accommodate change. There is a working relationship between the agency and contractors.

    Off
  • Medium low

    Procurement decisions are made on incomplete data with poorly formulated criteria. The contract may lead to some counterproductive behaviour. There is a degrading relationship with the contractor.

    Off
  • Low

    Procurement decisions are made on flawed or incomplete data without explicit criteria. The contract does not provide an effective basis for contractor management or delivery. There is an adversarial relationship with the contractor.

    Off

    • Procurement decisions are made on detailed analysis of reliable and complete data. The contract has clearly defined deliverables, management processes and anticipates change. There is a productive relationship between the agency and contractors.

    • Procurement decisions are made on analysis of data. The contract has defined deliverables, management processes and anticipates change. There is an established relationship between the agency and contractors.

    • Procurement decisions are made on data. The contract identifies deliverables but does not accommodate change. There is a working relationship between the agency and contractors.

    • Procurement decisions are made on incomplete data with poorly formulated criteria. The contract may lead to some counterproductive behaviour. There is a degrading relationship with the contractor.

    • Procurement decisions are made on flawed or incomplete data without explicit criteria. The contract does not provide an effective basis for contractor management or delivery. There is an adversarial relationship with the contractor.

  • Supporting policy

    The Digital Sourcing Policy. Digital sourcing policies exist to provide agencies with a modern approach to structuring contracts that reduces risk, drives competitive outcomes, increases flexibility and fairness, and encourages competition.

  • Maintain a reliable service

     

    Available and consistent: Make your service available, stable and consistent for users in different places and time-zones, at different times, on different days. Schedule maintenance for a predictable period of downtime and give notice to users well ahead of time.

    Off

  • Next page: Solution

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession