The need for reliable and accurate information to support effective programme and project decision making is fundamental to undertaking gated assurance. Despite this, key decision makers acting in project sponsor, project owner, project executive or even senior responsible owner roles often do not understand or appreciate the value of independent programme and project gated assurance can have in protecting investment and supporting successful delivery. What’s important is the level of independence from that which is being assured. That is, anyone involved with the day-to-day management or delivery of a program or project cannot assure themselves.
Simply, gated assurance is the process of checking that a programme or project makes the right commitments to stakeholders and then delivers on those commitments within set parameters. It provides an independent, confidential objective view of the programme or project status with the goal of identifying potential risk threats beyond the visibility of the direction and management layers before they become major issues. When undertaken at the right time, by the right people, with a cross analysis of experiences, gated assurance gives confidence to the key decision making role that the right decisions are being made before proceeding to the next phase.
What is the purpose of assurance?
The focus of gated assurance changes throughout the programme and project lifecycle, but its underlying purpose is to determine whether the investment is continuing to deliver on their spending objectives at each go/no go control point. Naturally, the ability to influence the cost and design of a program/project diminishes relative to the progress of the program/project in the lifecycle. So the importance of getting decisions right the first time and taking corrective action early is critical. Where there is insufficient upfront planning, or change is not managed effectively, the results can lead to an unachievable, unviable and/or unaffordable investment.
While assurance is important in every phase/stage of the lifecycle, it is the early phase/stage of the program/project lifecycle that the high value, high risk decisions are being made. This is when assurance can be of most benefit in helping make sure the right decisions are made i.e. “are we doing the right things?”, and “are we getting the benefits?” In the later stages of the program and project lifecycle, and after contracts are signed with suppliers, decisions are made within tighter boundaries, so the scope of assurance is focused on execution, change management, performance monitoring and operational readiness.
Why do assurance?
For a key decision maker, the value of undertaking an assurance process is to:
- Improve confidence that the program/project is ready to progress to the next key decision point.
- Enable informed decision making and judgement i.e. go/no go control.
- Promote the conditions for success and deliver improved outcomes and benefits earlier.
- Improve transparency and visibility of program/project performance at a point in time.
- Promote continual improvement in terms of product delivery e.g. fit-for-purpose outputs and capabilities
- Enable portfolio, program and project management and capability maturity improvements through the adoption of lessons learned.
What are the lines of defence?
Within program and project delivery, there are four levels of defence available to provide the key decision maker that provides confidence that the investment is performing relative to its objectives and any relevant policies and standards. Each level is distinguished by an increasing level of independence from the initiative, with independent assurance critical to ensuring that internal conflicts between risk and value are appropriately managed and major decisions impacting value are controlled.
The first layer of defence are the controls for time, cost, quality, benefits, scope and risk tolerances that are in place to mitigate and manage the risks facing the program/project and are subject to change control processes that are approved by the program/project board or equivalent governance authority.
The second layer of defence is the monitoring controls used to assess the performance of a program/project. It ensures that the objectives of the program/project are being met by monitoring and measuring progress regularly to determine variances from agreed plans. When variances are identified, then corrective action can be taken.
The third layer of defence is the application of the Office of Government Commerce (OGC) gateway assurance process. This occurs at key go/no go decision points across the program and project lifecycle and enables informed decision making by the key decision maker. When undertaken at appropriate times it can reduce the causes of failure, promotes the conditions for success and delivers improved outcomes where any recommendations are redressed prior to the next key decision point.
The last line of defence is audit. It provides a retrospective and independent examination of the program/project, where required to evaluate and improve the effectiveness and efficiency of the organisation’s risk management, control and governance processes.
What are the types of assurance?
The four assurance types that support portfolio, program and project management are:
Project assurance refers to the program/project board’s responsibility to monitor all aspects of the programme and project performance and products independently of the program/project manager role.
Quality assurance is an independent check that products will be fit for purpose or meet agreed business requirements. It is the process responsible for ensuring that the quality of a service, process or product will provide its intended value in terms of quality, gateway, investment, technical, security, financial and architecture requirements.
Gateway assurance is a structured review of a project, program or portfolio as part of formal governance arrangements carried out at key decision points in the lifecycle to ensure that the decision to invest as per the agreed business case and plans remains valid. It is performed by an experienced independent team to enable informed decision making by identifying potential risk threats beyond portfolio/program/project management visibility. Gateway reviews are not an audit, technical review or an inquiry.
Health check is a quality tool that provides a snapshot of the status of a project, program or the portfolio. The purpose of a health check is to gain an objective assessment of how well the project, program or portfolio is performing relative to its objectives and any relevant processes or standards. A health check differs from a gated review in that it informs specific actions or capability maturity development plans, whereas a gated review is part of formal governance arrangements.
Given that significant programme and project failure continues to happen across the globe, the value a structured, effective and consistent approach for program and project assurance should not be underestimated. Hence why gated assurance is so important, particularly early in the program and project lifecycle, so an informed decision and judgement can be made at key no/no go decision points. If an investment cannot show a clear line of sight between strategic intent and financial and quantifiable benefits, why continue to invest?