Risks that have the greatest impact on delivery success

If governance and decision-making arrangements are not clear and/or governance bodies are not provided with high quality, timely information then decisions may be delayed or poorly informed, impacting on timeframes, costs, quality and the ability to achieve anticipated investment outcomes and benefits.

Lessons learned

Key principles— Accountability, Informs key decisions, Risk and outcomes-based

• Take the time to set up effective governance. Governance structures, roles and responsibilities are clearly documented in the governance body’s terms of reference, including appropriate accountabilities for assurance.
• The composition of the governance body is regularly reviewed to ensure that it has the necessary skills, expertise and experience to support the current phase of work.
• Assurance artefacts (for example, assurance plans, terms of reference for independent assurance reviews and assurance reports) are endorsed by the governance body and approved by the senior responsible owner.
• The governance body regularly reviews risks to ensure they are being managed in accordance with the agency’s risk tolerance level.

If planning is not informed by a comprehensive understanding of the risks to delivery (schedule, dependencies and assumptions, costs and resources, and so on) then agreed tolerances for budget, quality and schedule may be exceeded, resulting in the organisation not achieving anticipated investment outcomes and benefits.

Lessons learned

Key principles — Assurance by design, Risk and outcomes-based, Flexible

• The programme/project needs to be set up appropriately. This includes a full understanding of the outcomes you are trying to achieve, the delivery approach, and how progress will be measured, controlled and assured using an integrated assurance approach.
• Assurance activity focuses on the key risks to achieving the expected outcomes and looks at the full scope of the investment.
• Actively track delivery progress against the baseline to enable potential risks and issues to be addressed on a timely basis.
• Significant changes to scope, approach, solution, or risk profile of an initiative triggers a review of the assurance plan by the governance body.

Note: A Quantitative Risk Analysis needs to be completed for all high risk investments as part of the detailed business case process to help reduce the risk of optimism bias.

Techniques to quantify risk and uncertainty (The Treasury website)

If key stakeholders are not identified and effectively engaged throughout the investment lifecycle then the solution may not meet user needs, or users may be unprepared for the change, impacting on the ability of the organisation to achieve anticipated investment outcomes and benefits.

Lessons learned

Key principles — Assurance by design, Informs key decisions, Flexible

• Include users of the service or system in the development of requirements, testing and implementation in a meaningful way with established open and transparent communication.
• Assurance is integrated taking into account the assurance needs of all stakeholders.
• Impacts on end users have been identified and adequately planned for with training and support post go-live and resources are provided to support issue resolution in a timely manner.
• Assurance covers inter-agency, sector and all-of-government impacts, including stakeholder engagement activities, where a change initiative goes beyond the boundaries of the lead agency.

If the programme or project cannot recruit and retain the right people with the right skills then the team may not be able to deliver within agreed timeframes or to the expected quality, negatively impacting anticipated investment outcomes and benefits.

Lessons learned

Key principles — Assurance by design, Risk and outcomes-based, Independent and impartial

• Get the right team. Complex change can require specialist/limited resources. Planning needs to reflect resourcing constraints, including an accurate reflection of internal capacity to deliver not just availability of external subject matter experts (SMEs).
• Have the right internal capability across delivery disciplines (architecture, solution design, programme management, and so on) to enable effective oversight across vendor delivery.
• Undertake long-term resource planning to identify demand. Secure SMEs and identify resourcing conflicts early. This includes line management committing to resources for the planned effort and duration of the initiative.
• Ensure third party assurance providers have the experience to effectively assure an investment of your scale and complexity.

If the preparations for transition to service are not thorough and carefully planned, including having clear and agreed go-live criteria and a post implementation support plan, then post deployment issues may impact critical business operations, organisational reputation and the ability to deliver anticipated investment outcomes and benefits.

Lessons learned

Key principles — Informs key decisions, Risk and outcomes-based, Accountability

• Assurance provides an independent assessment of delivery confidence to support key decisions such as stage gates and go/no-go decisions.
• Assurance covers business readiness to accept the change as well as technical implementation readiness.
• Implementation risk is reduced for critical systems by the use of strategies such as pilots or staggered rollouts, which provide opportunities for refinement and identifying issues early.
• The governance body receives copies of all assurance reports in full and the status of issues raised in assurance reports is tracked and reported to the governance body.

If commercial agreements are not aligned to delivery milestones/outputs/ outcomes, that is, a realistic measure of progress, then this may lead to challenges in managing vendor performance and negatively impact on timeframes and costs.

Lessons learned

Key principles — Risk and outcomes-based, Accountability

• Undertake due diligence on vendors to identify risks to delivery such as lack of capacity and capability, over-reliance on key people, location of vendor (offshore, onshore) and so on.
• Commercial arrangements include outcomes-based milestones against which to measure real vendor progress.
• For high risk/multi-vendor investments, consider a specialist contract management resource to manage vendor performance.
• The primary vendor is represented on the governance body (non-voting rights) to build and maintain the vendor relationship. This supports honest and open communication and timely escalation of critical issues.