Low
The schedule does not cover the complete scope. The critical path is not being managed. The schedule is not being used to support management action. Progress assessed on time spent. No remaining schedule contingency.
Off-
The project schedule covers the entire scope for the solution, is used to inform management action and is actively updated. Progress assessed on estimate to complete. There is sufficient contingency for the risk of the project. The project is at or ahead of schedule.
-
A schedule measurement baseline exists with a critical path. Critical path is managed and used to inform management decisions. It provides the basis for management of change. The project is at, or ahead of, schedule.
-
The schedule appears accurate but is not actively updated. Measurement against baseline is not consistent or regular. A critical path exists and is used to measure progress.
-
The schedule appears mostly complete but is not being used to inform management action. The project is behind schedule.
-
The schedule does not cover the complete scope. The critical path is not being managed. The schedule is not being used to support management action. Progress assessed on time spent. No remaining schedule contingency.
Cost and finance
Delivery confidence can be higher where there is evidence of regular monitoring of cost, value and revenue, with any variation attributed to specific causes and with appropriate delegations.
The DCA should assess how the project is tracking against the approved budget and whether the trajectory to completion within budget is realistic.
While impractical to fully assess the assumptions underlying the business case, in conducting a DCA, assessors should remain alert to indication of whether the baseline cost estimate was realistic, or whether there is evidence of optimism bias, or underestimation of budgets and overestimation of benefits to facilitate initiation.
Funding continuity can also affect delivery confidence. Factors to consider include the budget allocation for development after go-live, and to support the training and organisational change management activities needed to realise benefits.
Budgets also need to cater for recurrent costs post implementation, for example, accounting for ongoing Op-Ex to support cloud-based digital solutions.
DCA tolerances
High
Cost and value are realistically estimated, forecast and monitored continuously. The project is at, or ahead of, budget
Off
Medium high
Cost and value are forecast and monitored regularly. The project is at, or ahead of, budget.
Off
Medium
The project is at, or ahead of, budget. Cost is monitored regularly.
Off
Medium low
The project is behind budget. Cost is monitored regularly.
Off
Low
Cost is not actively monitored. The project is over budget or there is no certainty of current status.
Off-
Cost and value are realistically estimated, forecast and monitored continuously. The project is at, or ahead of, budget
-
Cost and value are forecast and monitored regularly. The project is at, or ahead of, budget.
-
The project is at, or ahead of, budget. Cost is monitored regularly.
-
The project is behind budget. Cost is monitored regularly.
-
Cost is not actively monitored. The project is over budget or there is no certainty of current status.
Scope and change control
The abstract nature of digital solutions can make scope management more difficult than for projects with tangible outputs. Robust scope management and change control processes are needed that drive management action.
Scope definition should include data management and conversion, integration and interfacing, reporting, change management, as appropriate.
During scoping, projects should engage in rigorous up-front analysis about overarching design, consideration of options, critical interdependencies and business problem identification.
This is of particular importance when using agile in larger projects where these concerns can be overlooked. Change control processes should ensure that features affecting customer satisfaction with the quality of the outputs remain prioritised.
Processes need to account for changes in business requirements due to shifting business needs or discovery of misconceptions, reflecting budget cuts in scope changes, and highlighting reductions in scope to meet time or cost constraints.
Projects that push scope into subsequent tranches, even through official change processes, can impact upon delivery confidence.
DCA tolerances
High
A clear scope with measurable acceptance criteria, aligned to business need, refined through recent consultation with users, suppliers, project team and senior management, including benefits realisation activities. Change is minimal and well controlled.
Off
Medium high
A clear scope with acceptance criteria aligned to business need, developed through consultation with users, suppliers, project team and senior management, including benefits realisation activities. Change control may be slow to reflect implications of change across project.
Off
Medium
A scope referencing business need, developed with some consultation with users, suppliers, project team and senior management. Change control processes exist but is incomplete or needs improvement. Movement of scope between tranches is reflected in adjusted budget and schedule.
Off
Implement security measures
Secure by design: Use the Information Security Manual, the Essential Eight and other resources from the Australian Cyber Security Centre to thoroughly assess your service’s threats, posture and protections. Plan for which requirements and system hardening will support your service throughout design, build, operation and decommissioning.
Off
Medium low
A scope that lacks sufficient definition or clarity on acceptance criteria. Informal or undocumented change control.
Off
Low
Absence of scope definition or acceptance criteria. Change is not being controlled or substantial scope is being moved to subsequent tranches.
Off-
A clear scope with measurable acceptance criteria, aligned to business need, refined through recent consultation with users, suppliers, project team and senior management, including benefits realisation activities. Change is minimal and well controlled.
-
A clear scope with acceptance criteria aligned to business need, developed through consultation with users, suppliers, project team and senior management, including benefits realisation activities. Change control may be slow to reflect implications of change across project.
-
A scope referencing business need, developed with some consultation with users, suppliers, project team and senior management. Change control processes exist but is incomplete or needs improvement. Movement of scope between tranches is reflected in adjusted budget and schedule.
-
A scope that lacks sufficient definition or clarity on acceptance criteria. Informal or undocumented change control.
-
Absence of scope definition or acceptance criteria. Change is not being controlled or substantial scope is being moved to subsequent tranches.
Risk management
Risk management practices are reflected throughout the other categories. However delivery confidence can be improved with evidence of proactive risk management, clear and appropriate ownership of risk and active management of issues.
Confidence is impacted where risk management is treated exclusively as a compliance exercise, where risk controls do not materially reduce risk or where there is blame and confusion result from risks being triggered.
Risk analysis should extend past technical, procurement and methodological aspects of risk to also consider people-related risk. This could include aspects of resource capacity and availability, and behavioural or psychosocial considerations that affect performance.
DCA tolerances
High
Risks are actively discussed and managed in governance forums and aligned with the risk register. Ownership of risk and related activity is clear. Controls are effective. People related risks are actively managed.
Off
Medium high
There is a sufficient understanding and reporting of the material risks impacting the project. Consideration of people related risks.
Off
Medium
Risk management is a compliance activity. There is limited understanding and awareness of the key risks impacting the project.
Off