Skip to main content

Risks that have the greatest impact on delivery success

We have developed a view of the most common risks to successful delivery of digital investment outcomes based on the lessons learned from our engagement with agencies across government.

These risks may not apply to all investments but are useful to keep in mind for early assurance thinking and planning.

Pocket guide

The pocket guide to the risks that have the greatest impact on delivery success summarises the information on this page.

Pocket guide: Risks that have the greatest impact on delivery success (PDF 86KB)

Governance

If governance and decision-making arrangements are not clear and/or governance bodies are not provided with high quality, timely information then decisions may be delayed or poorly informed, impacting on timeframes, costs, quality and the ability to achieve anticipated investment outcomes and benefits.

Lessons learned

Establish a fit for purpose governance structure, ensure accountabilities and decision rights are explicit and ensure transparency. Ensure governance is effective based on high quality information and reporting for decision-making.

Canadian Federal Government Phoenix Payroll Project: Lessons learned

Plan how a programme’s governance and oversight needs to change during the programme lifecycle.

New Zealand Customs Service Joint Border Management System: Lessons learned

Key principles— Accountability, Informs key decisions, Risk and outcomes-based

  • Take the time to set up effective governance. Governance structures, roles and responsibilities are clearly documented in the governance body’s terms of reference, including appropriate accountabilities for assurance.
  • The composition of the governance body is regularly reviewed to ensure that it has the necessary skills, expertise and experience to support the current phase of work.
  • Assurance artefacts (for example, assurance plans, terms of reference for independent assurance reviews and assurance reports) are endorsed by the governance body and approved by the senior responsible owner.
  • The governance body regularly reviews risks to ensure they are being managed in accordance with the agency’s risk tolerance level.

Optimism bias

If planning is not informed by a comprehensive understanding of the risks to delivery (schedule, dependencies and assumptions, costs and resources, and so on) then agreed tolerances for budget, quality and schedule may be exceeded, resulting in the organisation not achieving anticipated investment outcomes and benefits.

Lessons learned

It is easy to get caught up in the day-to-day activity of delivery.  We are managing issues every day and have them under control. So why do we need assurance? The reality is that we often cannot see the ‘wood for the trees’ and underestimate the likelihood of risks impacting on us.

Assuring Digital Government Outcomes: All-of-Government Portfolio, Programme and Project Assurance Framework

Key principles — Assurance by design, Risk and outcomes-based, Flexible

  • The programme/project needs to be set up appropriately. This includes a full understanding of the outcomes you are trying to achieve, the delivery approach, and how progress will be measured, controlled and assured using an integrated assurance approach.
  • Assurance activity focuses on the key risks to achieving the expected outcomes and looks at the full scope of the investment.
  • Actively track delivery progress against the baseline to enable potential risks and issues to be addressed on a timely basis.
  • Significant changes to scope, approach, solution, or risk profile of an initiative triggers a review of the assurance plan by the governance body.

Note: A Quantitative Risk Analysis needs to be completed for all high risk investments as part of the detailed business case process to help reduce the risk of optimism bias.

Techniques to quantify risk and uncertainty (The Treasury website)

Change management

If key stakeholders are not identified and effectively engaged throughout the investment lifecycle then the solution may not meet user needs, or users may be unprepared for the change, impacting on the ability of the organisation to achieve anticipated investment outcomes and benefits.

Lessons learned

Do not leave your stakeholders guessing. Establish open, honest and transparent engagement and communication and understand and respond effectively to their needs.

Canadian Federal Government Phoenix Payroll Project: Lessons learned

Key principles — Assurance by design, Informs key decisions, Flexible

  • Include users of the service or system in the development of requirements, testing and implementation in a meaningful way with established open and transparent communication.
  • Assurance is integrated taking into account the assurance needs of all stakeholders.
  • Impacts on end users have been identified and adequately planned for with training and support post go-live and resources are provided to support issue resolution in a timely manner.
  • Assurance covers inter-agency, sector and all-of-government impacts, including stakeholder engagement activities, where a change initiative goes beyond the boundaries of the lead agency.

The right people with the right skills

If the programme or project cannot recruit and retain the right people with the right skills then the team may not be able to deliver within agreed timeframes or to the expected quality, negatively impacting anticipated investment outcomes and benefits.

Lessons learned

Complex business transformation programmes need highly skilled and experienced individuals through all phases.

New Zealand Customs Service Joint Border Management System: Lessons learned

Key principles — Assurance by design, Risk and outcomes-based, Independent and impartial

  • Get the right team. Complex change can require specialist/limited resources. Planning needs to reflect resourcing constraints, including an accurate reflection of internal capacity to deliver not just availability of external subject matter experts (SMEs).
  • Have the right internal capability across delivery disciplines (architecture, solution design, programme management, and so on) to enable effective oversight across vendor delivery.
  • Undertake long-term resource planning to identify demand. Secure SMEs and identify resourcing conflicts early. This includes line management committing to resources for the planned effort and duration of the initiative.
  • Ensure third party assurance providers have the experience to effectively assure an investment of your scale and complexity.

Go-live readiness

If the preparations for transition to service are not thorough and carefully planned, including having clear and agreed go-live criteria and a post implementation support plan, then post deployment issues may impact critical business operations, organisational reputation and the ability to deliver anticipated investment outcomes and benefits.

Lessons learned

Ensure there is rigour and transparency in the go-live decision process. The go-live readiness decision must be evidence-based with clear and agreed decision rights.

Canadian Federal Government Phoenix Payroll Project: Lessons learned

Key principles — Informs key decisions, Risk and outcomes-based, Accountability

  • Assurance provides an independent assessment of delivery confidence to support key decisions such as stage gates and go/no-go decisions.
  • Assurance covers business readiness to accept the change as well as technical implementation readiness.
  • Implementation risk is reduced for critical systems by the use of strategies such as pilots or staggered rollouts, which provide opportunities for refinement and identifying issues early.
  • The governance body receives copies of all assurance reports in full and the status of issues raised in assurance reports is tracked and reported to the governance body.

Vendor and commercial management

If commercial agreements are not aligned to delivery milestones/outputs/ outcomes, that is, a realistic measure of progress, then this may lead to challenges in managing vendor performance and negatively impact on timeframes and costs.

Lessons learned

Have clearly defined contractual stage gates for project deliverables with effective off-ramps for use when performance falls short of expectations.

New Zealand Customs Service Joint Border Management System: Lessons learned

Key principles — Risk and outcomes-based, Accountability

  • Undertake due diligence on vendors to identify risks to delivery such as lack of capacity and capability, over-reliance on key people, location of vendor (offshore, onshore) and so on.
  • Commercial arrangements include outcomes-based milestones against which to measure real vendor progress.
  • For high risk/multi-vendor investments, consider a specialist contract management resource to manage vendor performance.
  • The primary vendor is represented on the governance body (non-voting rights) to build and maintain the vendor relationship. This supports honest and open communication and timely escalation of critical issues.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated