quality management strategy - qgcio.qld.gov.au · web viewplanning all assurance requirements in...

Insert department name here

Project assurance plan

Project nameMonth Year

Version 0.0

Document propertiesOwner: Name, Title

Contact details: Telephone:

Email:

Program name: Name of program the project forms part of, if appropriate

Division/Unit:Document status: Draft/Final

Filename:Last saved:Document version:

Level <x> Project Assurance Plan<insert name of project>

of 21

[Sec: UNCLASSIFIED-GOVERNMENT-INTERNAL-USE-ONLY]


Revision history

Revision date Version No. Author Description of changes

<date of the revised

version>

<e.g. 0.1; 1.0; 2.1, etc>

<name of author implementing the version change>.

<brief description of the reason for creating the revised version >

ApprovalsThe undersigned acknowledge that they have reviewed the <Project Name> Level <1, 2, 3 or 4> Project Assurance Plan and agree with the information presented within this document. Changes to this Level <x> Project Assurance Plan will be coordinated with, and approved by, the undersigned, or their designated representatives.

Name and role Business unit Signature DateProject Sponsor/Executive<Name of Officer>

<Role, Business unit, Department>

Senior Supplier<Name of Officer>


Senior User<Name of Officer>


of 21



Notes to the author –This document is a template of a Quality Management Strategy. The template includes instructions to the author, boilerplate text, and fields that should be replaced with the values specific to the project.

Blue italicised text enclosed in square brackets ([text]) provides instructions to the document author, or describes the intent, assumptions and context for content included in this document.

Blue regular or italicised text enclosed in angle brackets (<text> / <text>) indicates a field that should be replaced with information specific to a particular project.

Text and tables in black are provided as boilerplate examples of wording and formats that may be used or modified as appropriate to a specific project. These are offered only as suggestions to assist in developing project documents; they are not mandatory formats.

When using this template, the following steps are recommended:

1. Replace all text enclosed in angle brackets (e.g., <Project Name>) with the correct field document values. These angle brackets appear in both the body of the document and in headers and footers.

2. Font colour should be changed from blue to black following insertion; remove italics where appropriate.

3. Modify boilerplate text as appropriate for the specific project.

4. To add any new sections to the document, ensure that the appropriate header and body text styles are maintained.

5. To update the Table of Contents, right-click on it and select “Update field” and choose the option - “Update entire table”.

6. To update filename and last saved fields, right-click on text and select “Update field”.

7. Before submission of the first draft of this document, delete this instruction section “Notes to the Author” and all instructions to the author throughout the entire document.

Instructions for completion

A key input to the Project Assurance Plan is the assurance profile of the initiative. Assurance profiling must be completed and endorsed prior to development of this plan. The assurance profiling will determine the appropriate level of assurance required for the initiative. Assurance information is available at:

https://portal.qgcio.qld.gov.au/portal-processes/ict-program-and-project-assurance

This plan must be reviewed and updated when there are major changes to the project’s characteristics, such as scope change. It is important to note that a major change could affect the assurance profile of the initiative and may require a new assessment.

If this project is part of a program then reference to the Program Assurance Plan must be incorporated within this plan. This plan must be developed in accordance with any direction set at program level.

of 21


https://portal.qgcio.qld.gov.au/portal-processes/ict-program-and-project-assurance


Contents

1. Purpose.......................................................................................................................................5

2. Project overview..........................................................................................................................6

3. Assurance profile level and assurance target requirements........................................................6

4. Whole-of-government assurance requirements..........................................................................6

5. Engagement of assurance services............................................................................................9

6. Assurance schedule..................................................................................................................14

7. Management of intended outcomes..........................................................................................17

8. Management of changes to assurance schedule......................................................................17

Appendix A: Terms of Reference.....................................................................................................18

Appendix B: References..................................................................................................................19

Appendix C: Glossary of key terms..................................................................................................20

of 21



1. PurposePlanning all assurance requirements in advance will ensure more timely and coordinated assurance reviews.

The purpose of the Level <x> Project Assurance Plan is to define the assurance activities and related reviews to be undertaken during the life of the project to help manage risk and improve delivery confidence. It will be used to plan stage gate reviews/health checks and the selection of relevant reviews applicable to the investment/project, including the expected level of detail to be provided. It serves as a guide throughout the life of the project and will be updated as assurance needs change.

The plan also identifies the various roles and responsibilities associated with the assurance activities applicable to this project.

The Project Assurance Plan describes: what will be assured the initiative’s assurance profile and associated program whole-of-government requirements when it will be assured by whom how and when assurance activities will be managed and/or monitored during the life of the

project.

The engagement of assurance services does not transfer the requirement for ensuring assurance away from the agency and should not be seen as a substitute for project managers managing a well-planned process that addresses assurance requirements.

of 21



2. Project overview <Provide a brief summary of the project, e.g. a summary of the project mandate, the business drivers, whether the project is part of a program, etc.>

3. Assurance profile level and assurance target requirements[Insert the assurance profile level as determined through self-assessment and include any specific assurance target requirements identified as part of the profiling process. Reference the form and when the profiling was undertaken.]

Assurance profiling was undertaken by the <Insert role/business unit>. The results of the profiling are outlined below.

Project assurance level

<Insert assurance level> Date profiled <date profiled>

Specific assurance target requirements

<Insert any specific target areas of assurance specifically identified at the time of profiling, if applicable>

[If the project is part of a program, the program should be referenced here. If this project is not part of a program’s blueprint for change then insert the words “Not applicable”.]

The project is part of the following program:

Program<Insert program name> OR<insert Not applicable>

Program assurance level

<insert program level> OR<insert Not applicable>

4. Whole-of-government assurance requirements [Gated reviews are important for assuring projects and programs, but are only one element within a comprehensive assurance framework. Gated reviews themselves often consider the findings of other assurance activities and, in turn, often feed into further assurance activities.

Whilst this plan sets out specific assurance activities and reviews for this project according to its assurance profile, there are whole-of-government activities that may need be considered and included as part of the planning schedule. Below is an outline of some of the processes or policies that may affect your project planning - this is not an exhaustive list.

Governor in Council (GiC) Project Commencement Approval is applicable to departments when they are ready to commence a project. GiC approval is required to commence a project up to a specific value when the total value of the project is valued over $10million (including GST). Approval to commence a project will occur after the project has been scoped and funding is available/approved.

For more information about the Project Commencement Approval policy: http://www.treasury.qld.gov.au/office/knowledge/docs/project-commencement-approval-policy/index.shtml

of 21



Queensland Treasury's Project Assessment Framework (PAF) is designed to assess projects at critical life cycle points similar to the assurance framework for ICT and ICT enabled projects. The Project Manager should contact Queensland Treasury to discuss the requirements of the PAF in the context of the project. If the project has significant infrastructure involved, incorporation of PAF requirements will be likely.

For more information about PAF:https://www.treasury.qld.gov.au/projects-infrastructure/initiatives/project-assessment-framework/index.php

ICT Investment Review is the process supplementing existing governance arrangements with independent reviews at set points within the initiative lifecycle. This will ensure appropriate Assurance is being applied and strategic and policy alignment occurs. Additionally the process will support increased visibility of the initiative outcomes, input requirements and potential multi-agency synergies. Agencies will be required to perform an assessment of initiatives against a set of pre-defined criteria and the extent of the additional governance provided by the ICT Investment Review will be determined based upon the identified levels of business criticality and risk.

For more information about the ICT Investment Review process: https://portal.qgcio.qld.gov.au/portal-processes/ict-investment-review

Probity Audit is advisable for high risk and/or high value procurement of goods and services. Accountable officers are responsible for ensuring that systems, policies and procedures are followed to ensure the integrity of the procurement decision making process. Theseshould be able to withstand public scrutiny and preserve private and public sector confidence in theprocurement process. If this is applicable to this project then it is to be included as part of the assurance schedule.

For more information about Probity Audit requirements: http://www.hpw.qld.gov.au/SiteCollectionDocuments/ProcurementGuideProbityAuditorsAdvisors.pdf

It is important to note that internal or external audit does not absolve the agency from other audit requirements or reviews.]

Based on the project’s current parameters the following government processes and/or policies have been considered with respect to their applicability to this initiative.

Whole-of-government review considerations Complete where applicableReview Description Applicable Responsibility

GiC project commencement approval

Any initiative with a total value of $10 million (including GST) or over.

Yes

No

<insert who is responsible for preparing the GiC application, normally the Project Manager>

Project Assessment Framework (PAF)

Any initiative with estimated capital costs over $50 million (including GST).

Yes

No

<insert who is responsible for engaging with Queensland Treasury for the review, normally the Project Manager>

ICT Investment Review

Any ICT initiative with an Assurance Level 2, 3 or 4 Assurance.

Yes

No

<insert who is responsible for preparing for the review, normally the Project Manager>

Probity Audit Any initiative with high risk and/or high value procurement

Yes <insert who is responsible for engaging independent probity auditor for the

of 21


https://portal.qgcio.qld.gov.au/portal-processes/ict-investment-review

https://www.treasury.qld.gov.au/projects-infrastructure/initiatives/project-assessment-framework/index.php


of goods and services. No audit, normally the Project Manager

<Insert Review, e.g. internal audit>

<insert description of review> Yes

No

<insert who is responsible for facilitating the review>

of 21



5. Engagement of assurance services[Sound planning at the outset will increase the probability of successful, cost-effective assurance outputs. The degree of detail and formality will vary with the nature of the project but the governing components will be similar.

When selecting either a panel member or an internal resource it is recommended you select the provider / resource who will best address the Terms of Reference for the assurance review. Best value does not simply mean the ‘lowest cost’. It is the product of a range of factors, such as:

the resource/s personnel put forward an adequate and appropriate level of expertise and experience to deliver the assurance objectives

there is no conflict of interest in delivering services, for example - a panel member who is already supplying goods and/or services within an agency’s program is not permitted to provide assurance services

the procurement process is compliant with the agency’s purchasing procedures.

It is important that anticipated delivery periods, cost, resource requirements, target areas for particular reviews (if relevant and known at this time) should be included in the template below.

The Queensland Treasury Gateway Review training material suggests a gateway review should be conducted over four working days, or less. Please note, this timeframe does not include review planning activities. The expected elapsed timeframe for a review could be up to eight weeks.

Based on the ICT Strategic Sourcing supplier reporting for the period 2015 to 2016, the price range of one gateway review varies from $10,000 to $35,000.

You can learn more about suppliers of assurance services on the QGCIO intranet site. QRate – Assurance services provides a star based rating of the services provided by suppliers to government and enables agencies to share their experiences and learn more about assurance suppliers. QRate is found at:

https://portal.qgcio.qld.gov.au/portal-processes/qrate

The estimated resource/s, cost and expected outcomes from each review are outlined in the table below:

Assurance Gate

Delivery period Resourcing Total cost Resource Deliverable/s specifications

Gate 1 – Preliminary evaluation

Timeframe: <insert the timeframe of the arrangement>Commencement date:

Vendor Internal

$<insert cost of

Review>

[insert name of resource (if/when known) -panel member and key personnel (if known) or Internal resource – Business unit and key

Assurance assessment report and action plan. Areas assessed include: options identified and suitably appraised

of 21



Assurance Gate


<insert date of review>Completion date: <insert completion date of review>

personnel (if known)]Name: <Insert vendor name / internal resource>Key personnel: <insert name>Position: <insert position title>Telephone: <insert telephone number>Email: <insert email address>

costings value for money established project initiation document accountable business case project brief benefits management plan risk management plan quality management plan communication strategy

Gate 2 – Readiness for market

Timeframe: <insert the timeframe of the arrangement>Commencement date: <insert date of review>Completion date: <insert completion date of review>

Vendor Internal

$<insert cost of

Review>

[insert name of resource (if/when known) -panel member and key personnel (if known) or Internal resource – Business unit and key personnel (if known)]Name: <Insert vendor name / internal resource>Key personnel: <insert name>Position: <insert position title>Telephone: <insert telephone number>Email: <insert email address>

Assurance assessment report and action plan. Areas assessed include: clarity and practicality risk and critical success factors delivery strategy identified outline accountable business case procurement strategy implementation strategy plans for managing business change project plans plans for realising benefits communications strategy and plan

Gate 3 – Investment Decision


Vendor Internal

$<insert cost of

Review>

[insert name of resource (if/when known) -panel member and key personnel (if known) or Internal resource – Business unit and key personnel (if known)]Name: <Insert vendor name / internal resource>Key personnel: <insert name>

Assurance assessment report and action plan. Areas assessed include: accountable business case risk management plans procurement plans delivery strategy project plans benefits management strategy

of 21



Assurance Gate


Position: <insert position title>Telephone: <insert telephone number>Email: <insert email address>

communications plan implementation of procurement plan robustness of planning, design and development

stage project controls and progress alignment against

plan

Gate 4 – Readiness for service


Vendor Internal

$<insert cost of

Review>


Assurance assessment report and action plan. Areas assessed include: update accountable business case benefits realisation plans service delivery plans achievability of implementation plan planning and implementation of risk management

activities value for money maintained/improved

Gate 5 – Benefits realisation


Vendor Internal

$<insert cost of

Review>


Assurance assessment report and action plan. Areas assessed include: updated accountable business case post implementation review findings assessment of benefits delivered asset disposal plan whether anticipated benefits are being delivered ongoing contract development and management asset/services delivered value for money and performance improved

<insert type of Timeframe: <insert the Vendor $<insert [insert name of resource (if/when known) - <List the key product/s that will be delivered, include

of 21



Assurance Gate


review – add in health checks, audits, other external reviews where applicable (slot this row into table where applicable)>

timeframe of the arrangement>Commencement date: <insert date of review>Completion date: <insert completion date of review>

Internal cost of Review>

panel member and key personnel (if known) or Internal resource – Business unit and key personnel (if known)]Name: <Insert vendor name / internal resource>Key personnel: <insert name>Position: <insert position title>Telephone: <insert telephone number>Email: <insert email address>

areas of assessment if applicable >

of 21



THIS IS AN EXAMPLE – only providing some sample information – DELETE PRIOR TO FINAL VERSION

Assurance Gate Delivery period Resourcing

Total contract

valueResource Deliverable/s specifications

Assurance Gate 3 – Investment Decision

Timeframe: 2 weeksCommencement date: 17 August 2015Completion date: 28 August 2015

Vendor Internal

$20,000 Name: ABC ConsultingKey personnel: John Smith (Director)Joe Bloggs (Senior consultant)Jane Doh (Consultant)Telephone: 07 3213 1234Email: [email protected] [email protected]@abcconsult.com.au

Investment decision assurance report and action planAreas assessed to include: business case communications plan benefits management strategy and plan project and stage plans, including project

descriptions risk and issue plans and registers project controls and progress alignment against

plan procurement plans and implementation of plans delivery strategy robustness of planning, design and

development stage

Internal health checks

Timeframe: 1 weekCommencement date: 15 February 2016Completion date: 19 February 2016

Vendor Internal

Core operating

funds

Name: Project Delivery Office, DCSKey personnel: John CitizenPosition: Senior Project Manager, Information DivisionTelephone: 3404 5432Email: [email protected]

Health check report with corrective action plan - Refer to Assurance Gate 3 report’s recommended action items

of 21


mailto:[email protected]





6. Assurance schedule[An assurance review provides stakeholders with snapshot view of the project’s progress at a given point in time and should be seen as complementary to other assurance activities.

The assurance review scheduling template provided below allows you to outline (where applicable):

scheduled reviews to be undertaken (including (if known) any government compliance reviews, CBRC submissions, Investment Reviews internal/external health checks)

timing of review/s

coordinator/provider for the review

Health checks can occur at any stage throughout the project, or at the request of the DG Council or the SRO.

You may also like to include:

reporting of review results (to whom and when)

known/expected trigger points for re-profiling of the assurance initiative.

action plan endorsed at the end of each gate

other agency assurance services can be detailed here as indicated by the Queensland Government Methodologies i.e. MSP, PRINCE2, and agency policy and procedures (In particular for technical reviews).

For the best result, a review is carried out shortly before a decision point or stage transition to allow sufficient time for any recommendations to be implemented. Key attributes include:

time-limited reviews, at key decision points or milestones (referred to as ‘gates’ for projects and ‘stages’ for programs)

can be conducted multiple times and on a regular basis throughout the life of the program/ project from start-up to closure

reviews provide a point in time assessment of delivery confidence and

cultivates a benefits led approach throughout program/project design, implementation and delivery.

A gated review does not replace the need for a full audit opinion on the effectiveness of risk management, control and governance. It is important to note that no assurance process is a substitute for a rigorous and accountable project governance framework.

For large scale projects or programs with significant strategic or resource implications it is advisable to build project assurance into the project plan from the start so there is a continual process of audit and review. However for other projects the project board may require an ad hoc assurance audit or review to be carried out.

Assurance profile Level 1 represents the standard agency project level of assurance, primarily involving the project board/steering committee and internal business area/s staff. Actions at this time include project monitoring and reporting supported by project health checks and specific technology and business reviews.

of 21



Assurance profile Level 2 includes Level 1 and agency level assurance requiring engagement of senior management staff independent from the business areas. Extensive independent agency health checks are undertaken.

Assurance profile Level 3 - In addition to internal assurance this assurance level will require the involvement of an external supplier of assurance services to perform reviews. The Queensland Treasury Gateway Review team or a supplier from the ICTSS.13.03A Program and Project Gated Assurance Services panel should be used.

Assurance profile Level 4 - this is the highest assurance level and not only requires internal assurance, but also requires gated reviews to be undertaken by an independent supplier of assurance services. Suppliers from the ICTSS.13.03A Program and Project Gated Assurance Services panel, for critical initiatives, should be used.

Whole-of-government activities may need to be considered and included as part of the planning schedule. If not relevant to the initiative delete the applicable row.

The SRO can assign additional assurance assessments external to government, such as cross government and external reviews, external health checks and gateway services. These types of reviews should be included in the assurance schedule. If not relevant delete the applicable row/s.

As detail is determined, changes to reviews and schedules may require this plan to be updated.]

The agreed assurance reviews and activities for this project are outlined in the table below:

Level 4 Assurance schedule

Review descriptionCheck box

denotes mandatory

Scheduled timing Responsibility

Initiative start date --<insert planned

project start date>

--

Government compliance reviews [mandatory / optional depending on initiative value – insert additional rows if more than one compliance review applies]

<insert expected date of review>

Application: <insert who is responsible for applying for the review, e.g. project manager>

Undertaking review: <insert who is responsible for undertaking review, e.g. Joe Bloggs, Strategic Sourcing,

DSITIA>

ICT Concept Review <insert expected date of review>

<insert who is responsible for applying to ICT Concept Review, e.g.

project manager, sponsor>

Submission of CBRC document (if applicable)

<insert expected date of

submission>

<insert who is responsible for submitting to parliament, e.g. SRO>

Internal Health Check <insert expected date of review>

<insert who is responsible for health check, e.g. Project Management

Office, internal audit>

External/Specialist Health Check <insert expected date of review>

<insert who is responsible for health check, e.g. ABC consulting>

Assurance Gate 1 <insert expected date of review>

<insert who is responsible for gated review, e.g. Project Management

of 21



Office>

Submit Gate 1 report and Action Plans to QGCIO


Submission>

<insert who is responsible for submitting report to QGCIO, normally

project manager>








Office>



Submission>


project manager>








Office>



Submission>


project manager>

Investment Review <insert expected date of review>

<insert who is responsible for applying to Investment Review, e.g.

project manager, sponsor>








Office>



Submission>


project manager>








Office>



Submission>


project manager>

of 21



Assurance Gate 5 (repeat if required)

<insert expected date of review>


Office>

Submit Gate 5 report and Action Plans to QGCIO (repeat if required)


Submission>


project manager>

Initiative end date -- <insert planned project end date> --

7. Management of intended outcomesThe project manager will be responsible for ensuring the following –

A copy of the final reports and resultant Action plans will be submitted to the following parties:

Queensland Government Chief Information Office (QGCIO) SRO <stakeholder>

8. Management of changes to assurance scheduleThis section is to outline the process and management of changes to the assurance schedule. Changes to the assurance schedule require approval by the Project Board and a copy of the updated schedule provided to the project manager or agency PMO (if applicable).

Unscheduled reviews require approval by the Project Board. The plan requires updating to reflect un-scheduled reviews, with advice on delays to the PMO. Some examples include:

delays in scheduled reviews additional scheduled reviews changing circumstances and new developments further refinements during project planning changes as a result of a change in the assurance profile discussions/negotiations with stakeholders.

The resulting revised plans are to be provided to the PMO (as part of the Assurance Summary Report maintained by the PMO.)

Under the governance of this project, the Project Board approves the following changes to this plan: <change> <change>

Changes resulted for the following reasons: <reason> <reason>

The project manager will update the Assurance Summary Report and submit to the QGCIO by <insert anticipated delivery date>.

of 21



Appendix A: Terms of Reference[Each assurance review should have a Terms of Reference (ToR) developed by the agency specifying the scope, expectations including the time, effort and expertise required to conduct the specific review. For example, if the SRO/Project Executive requires a specific element to be examined it needs to be clearly stated within the scope.

All ToRs for reviews are required to be endorsed by the SRO / Project Executive who has the assurance role and responsibility for the initiative.

A Terms of Reference – Assurance Review template is available on the QGCIO intranet site.]

<Insert Terms of Reference per review type applicable to this project>

of 21



Appendix B: References[Insert the name, version number, description, and physical location of any documents referenced in this document. Add rows to the table as necessary.]

The following table summarises the documents referenced in this document.

Document name Description Location

<Document Name and Version Number>

< Document description> <URL or Network path where document is located>

of 21



Appendix C: Glossary of key terms

The following table provides definitions and explanations for terms and acronyms relevant to the content presented within this document.

Term Definition

Gate A governance review point at which there is an independent assessment of the extent to which the project: is conforming with the deliverables/documentation quality

standards is acceptably controlling/mitigating risks and issues still has satisfactory stakeholder commitment still is acceptably resourced still is on course to deliver the scope defined in the project

business case/project plan still is acceptably on budget (to date and forecasted to end) still is acceptably on schedule (to date and forecasted to end) still is anticipated to deliver the benefits set out in the project

business case still is acceptably aligned with current business strategic priorities.As a result of the review of the project against the acceptance criteria set out for each control gate, it will be authorised to continue, be terminated or re-scoped/redefined.

Health check The purpose of a health check is to quickly gain an objective view of the health a project, and identify key issues / risks that may prevent successful completion. A health check differs from a gated review in that a gated review is part of formal governance arrangements.

Profile level The level of assurance required by an initiative - Level 1 being the lowest and Level 4 being the highest. The level determines the assurance activities and related reviews that should be undertaken during the life of the project to help manage risk and improve delivery confidence.

Program/project assurance Independent assessment and confirmation that the program or any of its aspects are on track, applying relevant procedures, and that the projects, activities and business rationale remain aligned to the program’s objectives.

of 21
