Figure 6 Control assurance

Ideal state

Gap analysis

Suggested priority actions

measures

Required element

Purpose

Statement of current position

Evidence for judgement

Agree the mandate to perform assurance.

To create, publish and maintain an agreed assurance mandate or charter (including accountabilities and objectives) for high risk projects.

OGC has a mandate to provide assurance to high risk projects but there is variability in how departments engage with assurance.

OGC staff rely on their relationships with departments to influence decisions.

OGC's mandate to perform assurance is clearly stated by HM Treasury. However as responsibility for delivering projects lies with departments, and accountability for resources lies with the departmental Accounting Officer, OGC does not enforce this mandate.

In practice, departments can choose whether to follow guidance on assurance leading to variability across government.

There is evidence of OGC staff being invited into projects. Individual members of OGC's team are highly regarded in the project delivery community.

Agree and issue a mandate for assurance of high risk projects including accountabilities and objectives for OGC, HM Treasury, Cabinet Office and departments. This should include governance arrangements around escalation and intervention.

Difficulty: Hard
Benefit: High
Immediacy: Medium term

Mandate agreed, issued and built into departmental governance.

Objectives and accountabilities agreed and built into departmental governance.

Use reports on the status of recommendations (open/ closed) to trigger escalation or further intervention.

To ensure that where recommendations have not been closed, the need for further action is decided upon.

Red rated projects are not halted.

The decision to halt red rated projects belongs to departments, and ultimately with the Accounting Officer. Our investigation highlighted no examples of red rated projects being stopped as a result of a Gateway review.

Formal tracking of actions against recommendations stays within the project team. Some departments have started to involve internal audit or centres of excellence to perform this role but this varies across government.

Clear governance around escalation.

To ensure escalation occurs via the standard process with responsibility for closing the issue clearly understood.

Escalation routes are in place but do not reflect the current assurance offering.

OGC's CEO writes to Accounting Officers and PAC when projects are given a red Gateway rating. The introduction of Assurance of Action Plans means the timing of an escalation decision requires revisiting.

Revisit and agree new escalation routes in line with system re-design.

Difficulty: Easy
Benefit: Medium
Immediacy: Short term (post design)

Escalation routes reviewed and new arrangements agreed, documented and in place as part of departmental governance.

Set cost, deliverability and risk control limits for the overall portfolio.

To trigger a response at the portfolio level based on time, cost, quality and risk control limits.

Government does not use assurance information to help inform the management of the portfolio of high risk projects.

There is a limited understanding of the total financial commitment that the MPP represents.

There is no structure in place to manage the portfolio:

● Investment decisions are made on a department by department basis.

● Control variance limits are not in place across the portfolio.

● Real time decisions are made on a project by project, or department by department basis.

● HM Treasury has no formal role in monitoring the financial risk of committed expenditure.

● The system report (MPP) is informed by self assessment and contains unreliable financial information.

● The Commercial Delivery Board does not make portfolio level decisions.

● There are no currently no standards or triggers in place to escalate findings to portfolio level.

Analysis of MPP data indicates that project costs are treated inconsistently. Some projects only include the cost to set up and prepare for the contracting phase prior to HM Treasury approval. Others include the best available estimated life-time cost to deliver the entire project. The result is that projects with a future cost of billions can be reported as millions. There are also instances of double counting of costs across different projects, and where a range is present, projects differ over whether to use the upper or lower estimated total cost.

Identify appropriate portfolio decision makers, agree escalation tolerance levels, approach and output format for portfolio affordability and deliverability issues.

Difficulty: Hard
Benefit: High
Immediacy: Start now, Long term

Use existing financial information contained within departments and HM Treasury to more accurately understand the total financial commitment that the MPP represents.

Difficulty: Medium
Benefit: High
Immediacy: Start now, Medium term

Approach in place to make portfolio level decisions regarding affordability and deliverability based on clear roles and responsibilities, escalation routes and control limits for the portfolio.

Improved use of existing information on government's most high risk projects - clear understanding of where the portfolio is against agreed control limits.

Manage assurance stakeholders.

To align end-users and providers through regular engagement between HM Treasury, Cabinet Office, OGC and departments.

There is inadequate engagement between OGC, HM Treasury, Cabinet Office, NAO and departments to manage and integrate the assurance of high risk projects.

Current assurance activities serving different stakeholders can overlap and do not generally build on each other. This can lead to overburden on project teams. A small number of departments have begun to align internal assurance activity with the requirements of the centre but this is not common.

Develop and maintain reviewer capability based on forecast demand.

To use information provided by portfolio reports and assurance planning information to decide how to meet demand for reviewers within budget constraints. Current reviewer performance informs the requirements for further training, expansion of the pool and rewards or sanctions.

Reviewer performance is reported on upon completion of a review.

There is no formal system in place to recognise and reward reviewer performance.

There is no evidence of systematic refresher training for reviewers.

Gateway requires a report on each reviewer to be completed but there is no evidence that this feeds into any performance appraisal (which reviewers would value), informs training requirements or future invitations to take part in reviews.

The system has a limited ability to recognise and reward good performance. Resourcing reviews is based on civil servants volunteering and hiring consultants. There are only a small number of High Risk review team leaders.

"Professionalise" assurance experts. Implement an approach to identify civil servants suitable to act as reviewers and reward reviewer performance as part of annual appraisals.

Difficulty: Easy
Benefit: Medium
Immediacy: Long term

Implement a systematic programme to develop and maintain reviewer knowledge. Use reviewer performance to direct training or cancel status as a reviewer.

Difficulty: Easy
Benefit: Medium
Immediacy: Long term

Performance framework in place to reward civil servants for acting as reviewers.

Improved take up of civil service reviewers, particularly number of high risk review team leaders in place.

Decide if standards for planning and performing assurance are correct and adhered to and inform the continuous improvement of assurance activity.

To ensure current assurance framework is effective based on the impact on project performance and stakeholder feedback. This will prioritise any areas for improvement.

There is no assessment on the impact of assurance on project performance.

Decisions on how to develop assurance is primarily based on stakeholder feedback.

OGC perform an annual stakeholder survey of SROs to assess the value they place on the different assurance processes. The overall impact of the system is not judged in a quantitative manner and the full cost to government is not known. This makes return on investment calculations problematic.

Develop, agree and implement an approach to manage, integrate and continuously improve assurance activity for high risk projects.

Difficulty: Hard
Benefit: High
Immediacy: Long term

Evidence of consideration of feedback and controlled updates and roll out of amendments to assurance activity.

Source: National Audit Office