The Policy takes a principles-based approach, using risk as a basis for determining the application of the Gateway process rather than pure dollar thresholds. This will allow better targeting of Gateway resources and improve overall assurance to delivery agencies and Government. The Policy:
• establishes a Gateway Coordination Agency (GCA) for each major category of spend: INSW as the GCA for capital, DFSI for ICT projects and Treasury for major recurrent projects.
• requires each GCA to develop, obtain Government approval, and implement a risk assessment Framework (GCA Framework) that sets out its detailed approach to Gateway reviews. Separate risk based GCA Frameworks for capital, ICT and major recurrent projects enable processes to be tailored to the differing characteristics of these projects
• sets the minimum requirements for each GCA Framework to ensure consistency in the application of Gateway. These requirements include the risk criteria that GCAs must include and appropriately weight in designing their risk assessment frameworks. The GCA Framework must also include Gates aligned to those outlined in the Policy
• requires GCA Frameworks to identify the financial threshold above which projects or programs are required to be risk assessed under each Framework. The number and application of Gates is determined by the risk assessment under the appropriate Framework
• clarifies the roles and responsibilities of policy owner, GCAs and delivery agencies
• requires Gateway review reports to be shared with delivery agencies and Treasury and requires GCAs to also report periodically to Treasury to allow for monitoring of the effectiveness and efficiency of Gateway.
Projects are classified into 4 Tiers following a risk assessment based on criteria and weightages outlined in each Gateway Coordination Framework. Projects identified as high profile / high risk (HPHR) will form Tier 1 projects under each Framework and will attract the highest level of scrutiny. HPHR projects require all gates in the Framework to be completed. Projects assessed to have a lower risk than Tier 1 will be subject to fewer gates depending on the requirements of each Framework.