The value of gated assurance
The need for reliable information to support effective decision making is a fundamental principle underlying the value of gated assurance services. Despite this, senior responsible owners, project executives or sponsors roles often do not understand or appreciate the value of independent program and project gated assurance.
Program and project assurance is the process of checking that a program or project makes the right commitments to stakeholders and then delivers on those commitments. Gated assurance provides an independent, confidential objective view of program/project delivery with the goal of identifying potential risk threats beyond program/project management visibility before they become major issues. When deployed at the right time, by the right people, with the right skills and experiences, gated assurance gives confidence to senior responsible owners, project executive or sponsors that the right decisions are being made, and that outputs and capabilities are fit for purpose and are being delivered on time and to budget.
Assurance is defined as all the systematic actions necessary to provide confidence that the target (system, process, organisation, program, project, outcome, benefit, capability, product output, deliverable) is appropriate. Appropriateness might be defined subjectively or objectively in different circumstances. The implication is that assurance will have a level of independence from that which is being assured. Nothwithstanding, anyone involved with the day-to-day management or delivery of a program or project cannot assure themselves.
What is the purpose of assurance?
The focus of assurance changes throughout the program/project lifecycle, but its underlying purpose is to determine whether programs/projects are delivering on their objectives at each phase/stage and are compliant with risk management controls, and subsequently suggesting remedial steps where necessary. There is a clear link between the declining ability to influence the cost (and design) of a program/project, and the increasing maturity of the program/project in the lifecycle phase/stage especially the importance of getting decisions right the first time and taking corrective action early. Where there is insufficient upfront planning, or change is not managed effectively, program/project spend on rework unnecessarily grows quickly.
While assurance is important in every phase/stage of the program/project lifecycle, there is a need for assurance activities to support successful delivery. It is in the early phase/stage of the program/project lifecycle (pre-selection of concept) that the high value, high risk decisions are being made, and therefore that is when assurance can be of most benefit in helping make sure the right decisions are made. In the later stages of the program/project lifecycle, decisions are made within tighter boundaries, and the scope of assurance is focused on execution, change management, performance monitoring and operational readiness.
Why do assurance?
For a senior responsible owner/project executive, the value of undertaking an assurance process is to:
- Improve confidence that the program/project is ready to progress to the next key decision point.
- Enable informed decision making and judgement.
- Promote the conditions for success and deliver improved outcomes and benefits earlier.
- Improve transparency and visibility of program/project performance at a point in time.
- Promote continual improvement in terms of product delivery e.g. fit-for-purpose outputs and capabilities
- Enable portfolio, program and project management and capability maturity improvements through the adoption of lessons learned.
What are the lines of defense?
Within program and project delivery, there are four levels of defence to provide the senior responsible owner/project executive with confidence that the project is performing relative to its objectives and any relevant policies and standards. Each level is distinguished by an increasing level of independence from the initiative, with independent assurance critical to ensuring that internal conflicts between risk and value are appropriately managed and major decisions impacting value are controlled.
- The first layer of defence are the controls for time, cost, quality, benefits, scope and risk tolerances that are in place to mitigate and manage the risks facing the program/project and are subject to change control processes that are approved by the program/project board.
- The second layer of defence is the monitoring controls used to assess the performance of a program/project. It ensures that the objectives of the program/project are being met by monitoring and measuring progress regularly to determine variances from agreed plans. When variances are identified, then corrective action can be taken.
- The third layer of defence is the Office of Government Commerce (OGC) gateway assurance process. This occurs at key decision points across the program and project lifecycle and enables informed decision making, which reduces the causes of failure, promotes the conditions for success and delivers improved outcomes.
- The last line of defence is audit. It provides a retrospective and independent examination of the program/project, where required to evaluate and improve the effectiveness and efficiency of the organisation’s risk management, control and governance processes.
What are the types of assurance?
The four assurance types that support portfolio, program and project management are:
- Project assurance refers to the program/project board’s responsibility to monitor all aspects of the project’s performance and products independently of the program/project manager.
- Quality assurance is an independent check that products will be fit for purpose or meet requirements. It is the process responsible for ensuring that the quality of a service, process or product will provide its intended value in terms of quality, gateway, investment, technical, security, financial and architecture requirements.
- Gateway assurance is a structured review of a project, program or portfolio as part of formal governance arrangements carried out at key decision points in the lifecycle to ensure that the decision to invest as per the agreed business case and plans remains valid. It is performed by an experienced independent team to enable informed decision making by identifying potential risk threats beyond portfolio/program/project management visibility. Gateway reviews are not an audit, technical review or an inquiry.
- Health check is a quality tool that provides a snapshot of the status of a project, program or the portfolio. The purpose of a health check is to gain an objective assessment of how well the project, program or portfolio is performing relative to its objectives and any relevant processes or standards. A health check differs from a gated review in that it informs specific actions or capability maturity development plans, whereas a gated review is part of formal governance arrangements.
Given that PMI’s Pulse of the Profession report shows “only 64 percent of government strategic initiatives ever meet their goals and business intent – and that government entities waste $101 million for every $1 billion spent on project and programs.” Hence why assurance is so important, particularly early in the program/project lifecycle so an informed decision and judgement can be made at key decision points. If an investment cannot show a clear line of sight between strategic intent and financial and quantifiable benefits, why continue to invest?