The GCDO Assurance Services Guide provides a common definition of the different types of Independent Quality Assurance (IQA) and Technical Quality Assurance (TQA) services provided under the GCDO Assurance Services Panel and can be used to define the scope of an assurance engagement.
An independent and objective assessment that provides credible information to support decision-making.
The key words in our definition are ‘independent and objective’. This means that providers must maintain their independence and objectivity when delivering assurance services. The independence and objectivity of providers may be threatened if they are also providing advisory services to a digital investment. A good test is to ask the question ‘Is a provider able to return in the future and still feel comfortable criticising the scope or quality of any of the deliverables they are reviewing?’
To help illustrate the difference, the following advisory services are not within the scope of the GCDO Panel:
- Performing portfolio, programme or project management activities
- Performing technical design or implementation activities, including privacy impact assessments and security certification of new systems
- Fixing issues identified during the course of an assurance review.
Conflicts of interest such as those above must be assessed prior to selecting a provider and should be continuously re-assessed throughout the lifecycle of an ongoing assurance review.
GCDO assurance services categories
GCDO assurance services for digital investments fall into two broad categories:
The following tables provide a high-level service description of each of the GCDO assurance services categories that can be used as a guide to define the scope of an independent assurance review.
Always insist on a tailored and insightful review that assesses the risks to successful delivery and their potential impact on outcomes.
Table 1: IQA for digital investments
Assurance Services Category: Project Assurance
Provides the SRO with confidence that: The project is well positioned to deliver the expected outputs
High Level Service Description:
- Alignment to and adoption of the agency’s project management framework and public sector best practice guidelines (for example, PRINCE2)
- Project governance enables timely and effective decision making
- Project is supported by a robust and viable business case
- Planning and delivery processes ensure project activities are well controlled
- Financial management and control of budgets are effective
- Benefits definition, realisation planning and monitoring are sufficiently controlled
- Risk and issue management processes are effective
- Stakeholder engagement and communication processes are effective
- Controls over the management of vendors / sub-contractors are effective
- Quality management and assurance processes are effective
- Change management plan is robust and the business is well positioned to receive the project outputs
- Identification of how the customer needs are understood and met. Wider opportunities within government are integrated into the Programme service delivery
- The customer experience is measured. Measurement results are visible and drive governance decisions to determine future Programme deliverables

Assurance Services Category: Programme Assurance
Provides the SRO with confidence that: The programme is well positioned to deliver the expected outcomes and benefits related to the organisation’s strategic objectives
High Level Service Description:
- Alignment to and adoption of the agency’s programme management framework and public sector best practice guidelines (for example, Managing Successful Programmes)
- Alignment of the programme to organisational strategic objectives
- Programme is supported by a robust and viable business case
- The future organisation design will deliver the expected outcomes and benefits
- Programme governance enables timely and effective decision making
- Programme planning and control processes are effective
- Benefits definition, realisation planning and monitoring are sufficiently controlled
- Risk and issue management processes are effective
- Stakeholder engagement, communication and change management processes are effective
- Quality management and assurance processes are effective
- Identification of how the customer needs are understood and met. Wider opportunities within government are integrated into the Programme service delivery
- The customer experience is measured. Measurement results are visible and drive governance decisions to determine future Programme deliverables

Assurance Services Category: Portfolio Assurance
Provides the SRO with confidence that: The organisation has a robust approach to ‘doing the right things at the right time’
High Level Service Description:
- Alignment to and adoption of the agency’s portfolio management framework and public sector best practice guidelines (for example, Management of Portfolios)
- Alignment of the portfolio to strategic objectives
- Portfolio definition processes are robust
- Portfolio governance and management processes are effective
- Benefits definition, realisation planning and monitoring are sufficiently controlled
- Portfolio risk management processes are effective
- Stakeholder engagement and communication processes are effective
- Identification of how the customer needs are understood and met. Wider opportunities within government are integrated into the Programme service delivery
- The customer experience is measured. Measurement results are visible and drive governance decisions to determine future Programme deliverables

Table 2: TQA for digital investments
Assurance Services Category: Technical Design Assurance
Provides the SRO with confidence that: The technical solution design is fit for purpose and will meet business requirements
High Level Service Description:
- Alignment to and adoption of the agency’s and government enterprise architecture frameworks, technical design standards and best practice guidelines
- Assessment of the quality of the technical solution design, including the following:
  - Functional suitability – Extent to which the design will meet the stated business needs
  - Performance efficiency – Extent to which the design will meet non-functional requirements in terms of responsiveness and capacity
  - Compatibility – Extent to which the design enables information exchange and interoperability
  - Usability – Degree to which the design enables ease-of-use
  - Reliability – Extent to which the design will meet non-functional requirements in terms of availability and recoverability
  - Security – Degree to which the design protects information and data
  - Maintainability – Extent to which the design ensures the system can be maintained
  - Portability – Degree to which the design enables the system to be transferred from one platform to another
- Completeness of technical design documentation set, including traceability of functional and non-functional requirements against the solution design and vice versa
- Identification of any risks inherent in the design such as extent of customisation, future modification / upgrade capability and software licensing costs
- The integration management in place is well understood, including how Application Programming Interfaces (APIs) will be designed, managed, published and kept safe and available
- External opportunities to integrate into other systems, including other agency systems, have been/will be explored

Assurance Services Category: Technical Implementation Assurance
Provides the SRO with confidence that: The technical build is fit for purpose and ICT is well positioned to receive the new system
High Level Service Description:
- Assessment of code and configuration quality against the technical solution design requirements
- Test strategy and management processes are effective
- Data migration and master data management are sufficiently controlled