ICT Two Pass Review
The Government implemented an ICT Two Pass Review process in 2008 to provide Cabinet with better information to support decision making on major investments in ICT-enabled proposals.
The process enables a multi stage assessment of proposals – each at increasing levels of detail and accuracy. A key component of this approach is the iterative development of a Business Case that articulates the policy objective, how the proposal contributes to the achievement of that objective, and identifies and evaluates options for delivery of the proposal.
Effective business case development is a key part of the project & programme management process that helps ensure alignment between policy intent and agency activity and investment.
The process will also better position agencies for the Assurance Review processes, and is a cornerstone in the successful delivery of ICT-enabled proposals.
For government, the process supports capital budgeting decisions by providing better information on the benefits, costs and risks before final approval of ICT enabled proposals.
For agencies, the process contributes to more effective delivery of policy outcomes by providing assurance that delivery options are identified and considered, costs are fully developed prior to requesting funding, and ensuring agencies only develop full business cases for proposals which government has given in-principle approval.
Cabinet Submission recommendations must seek first or second pass approval in accordance with the ICT Two Pass Review process. The required form-of-words is set out in the Cabinet Circular on recommendations for Portfolio Budget Submissions and Cabinet Submissions.
The ICT Two Pass Review process is managed by the Digital Government Investment and Assurance Branch (DGIA) within the context of the broader budget process, which is managed by the Budget Group in Finance. The two groups have arrangements in place to share information provided by agencies in order to fulfill their respective roles.
Agencies must comply with current Finance Estimates Memorandums covering ICT Two Pass Review and Budget Process Operational Rules, available through their Chief Finance Officer (CFO) unit.
The Whole-of-Government ICT Investment Principles will assist your agency in prioritising possible ICT investments and developing a first pass business case.
Further information is available by emailing firstname.lastname@example.org.
Proposals Subject to the ICT Two Pass Review Process
The ICT Two Pass Review process applies to proposals, including internally funded proposals, that:
- are ICT-enabled, that is, the policy or service delivery outcomes are highly dependent on an underpinning ICT system
- have a total cost estimated to be $30 million or more, including ICT costs of at least $10 million; and
- are assessed by Finance as being high-risk in terms, for example, of cost, technical complexity, workforce capacity or schedule.
The total cost of an ICT-enabled proposal, for the purposes of determining whether it meets the cost criteria, is the through-life cost of the proposal. It includes both the capital and operating expenditure components of the proposal.
The Secretaries' ICT Governance Board (SIGB) may also refer proposals that have a total cost estimated to be less than $30 million to the ICT Two Pass Review process, if it considers that the proposal would benefit from such a review.
Agencies bringing forward proposals that are subject to the ICT Two Pass Review process must seek first pass approval from Cabinet, supported by a First Pass Business Case.
If Cabinet gives first pass approval, agencies must:
- submit a draft Second Pass Business Case to to DGIA to enable early consideration and consultation, and
- submit the final Second Pass Business Case to DGIA for review prior to seeking second pass approval from Cabinet.
Timing of ICT Two Pass
|From June each year:||Agencies advise Finance of ICT investment intentions.Agencies commence development of their First Pass Business Cases.|
|From September each year:||Finance reviews draft First Pass Business Cases and provide feedback to agencies.|
|Between December and April:||Cabinet decides if the proposal will proceed to budget deliberations.Agencies incorporate any feedback and submit final First Pass Business Cases.Cabinet considers the First Pass Proposals and decides whether to agree in-principle, subject to a Second Pass Business Case.|
|Timing determined by Cabinet||Agencies develop their draft Second Pass Business Cases.Finance reviews Second Pass Business Cases and provides feedback to agencies.Agencies incorporate feedback and submit final Second Pass Business Cases.Cabinet considers the Second Pass Proposals and decides whether to:
Further information about the budget and Cabinet process, requirements and timing is available to Government officials through your CFO area.
The timing and dependencies of the ICT Two Pass process, in the context of the broader budget process are described in the schematic below:
ICT Two Pass Process Alignment
(Click through for full size)
ICT Two Pass – Roles and Responsibilities
The following diagram sets out the high level roles and responsibilities of the key stakeholders involved in the ICT Two Pass Process.
ICT Two Pass RACI Chart
(Click through for full size)
Proposals that are subject to the ICT Two Pass Review process must seek staged approval from Cabinet. To enable this, agencies must submit business cases subject to the ICT Two Pass Review process to DGIA for review, before they are submitted to Cabinet.
At first pass, the relevant Portfolio Minister seeks in-principle agreement from Cabinet to a proposal on the basis of a First Pass Business Case. Agreement is sought to develop one or more options for second pass consideration.
At second pass, the relevant Portfolio Minister seeks Cabinet's agreement to proceed with a proposal on the basis of a Second Pass Business Case.
Agencies must use existing resources to develop the First Pass Business Case, but the First Pass Proposal may include a modest bid for additional funds to develop the Second Pass Business Case where necessary. This ability to potentially secure funding to further develop a proposal is an additional benefit of the Two Pass process.
Sponsoring agencies need to submit ICT Two Pass Business Cases via CABNET to:
Digital Government Investment and Assurance
GaRM - Efficiency, Assurance and Digital Government
Department of Finance
Emerging ICT Investment Intentions:
From June each budget year, agencies notify DGIA of ICT investment intentions and ICT enabled proposals that may meet the ICT Two Pass Review criteria, as they arise.
The purpose of the agency discussions with DGIA is to establish an early understanding of the potential nature, scale, complexity and broad cost of major agency ICT initiatives that may emerge for formal consideration by Cabinet. Detailed information on the proposal is not required at this stage.
ICT Business Case Guide
The ICT Business Case Guide will assist agencies develop sound business cases when seeking to make significant ICT investments. Business cases developed in accordance with this guide are expected to be suitable for both internal decision making and as inputs to the ICT Two Pass Review Process. This guide can be read in conjunction with the Sample First and Second Pass Business Case.
- Attachment A: Assumptions and Constraints
- Attachment B: Common ICT Costs
- Attachment C: Cost Estimation Guide
- Attachment D: Benefits Categorisation
- Attachment E: Cost Benefit Analysis
- Attachment F: Common ICT Project Risks
Agencies should also consider using the following costing model:
- Costing spreadsheet [ 263 KB]
In addition, the following documentation guide provides assistance with supporting documentation requirements for ICT Two Pass Review:
Agencies should develop business cases with due regard to the impact of Whole-of-Government ICT Policies.
First Pass Approval
When developing an ICT Two Pass first pass business case, you should also look at the Whole-of-Government ICT Investment Principles.
A benefit of the first pass review is to minimise the use of agencies' resources on developing a proposal prior to the Government's initial consideration.
At first pass, agencies will be expected to have canvassed realistic ICT options to deliver the outcomes of the proposal. Agencies should have developed a broad, through-life cost estimate and an indicative schedule for each ICT option.
Agencies should prepare an initial Business Case with one or more well considered options, and then seek in-principle agreement to the proposal from Cabinet to develop one or more options for further consideration.
In addition to the ICT Business Case Guide materials listed above, agencies will benefit by using the following First Pass Business Case template and sample:
- First Pass Business Case Template [ 288 KB]
- First Pass Business Case Template [ 192 KB]
- Sample First Pass Business Case (Fictional Proposal) [ 427 KB]
- Sample First Pass Business Case (Fictional Proposal) [ 893 KB]
Second Pass Approval
At second pass, agencies develop the Business Case in support of the proposal being brought forward for the second pass review by Cabinet. The Second Pass Business Case includes detailed cost assessments and risk mitigation strategies. The cost estimates are based on rigorous planning in terms of the scale and features of the ICT infrastructure, applications and support required, including non-binding, tender-quality estimates from the private sector where appropriate.
In addition to the ICT Business Case Guide materials listed above, agencies will benefit by using the following Second Pass Business Case template and sample:
- Second Pass Business Case Template [ 258 KB]
- Second Pass Business Case Template [ 122 KB]
- Sample Second Pass Business Case (Fictional Proposal) [ 423 KB]
- Sample Second Pass Business Case (Fictional Proposal) [ 363 KB]
Defence ICT Investment Approval Process
Department of Defence ICT projects that are not assessed through the Kinnaird two-pass process are to use the ICT Two Pass Review process as well as the following agreed costing guidance. Enquiries should be directed to the Defence, Security and Intelligence Branch (non-DCP) or the Defence Capability Assessment Branch (DCAB) of Finance.
- First and Second Pass Costing Guidance for Defence ICT Projects [ 143 KB]
- First and Second Pass Costing Guidance for Defence ICT Projects [ 271 KB]
Consideration of Agencies' ICT Investment Capability in the ICT Two Pass Process
Non-corporate entities under the Public Governance, Performance and Accountability Act 2013 (PGPA Act agencies) are implementing the Portfolio, Programme and Project Management Maturity Model (P3M3™) as a common methodology for assessing their organisational capability to commission, manage and realise benefits from ICT-enabled investments.
The Government considers independently validated P3M3 assessment results in the ICT Two Pass process.
Non-corporate entities with an annual ICT spend greater than $2 million are required to incorporate in their first and second pass proposals the results of their P3M3 assessments. Current organisational capability in ICT-enabled investment will be considered as part of the ICT Two Pass Review process:
- from December 2010, for agencies with annual ICT spends over $20 million, and
- from June 2011, for agencies with annual ICT spends between $2 million and $20 million.
Further information on Organisational Capability in ICT Investment is available in the ICT Investment Framework from the Finance website.
For advice on the incorporation of P3M3 information in the ICT Two Pass process, please email the Capability Assessment mailbox.
Assurance Review Process
The ICT Two Pass Review process complements the Assurance Review Process for ICT enabled proposals.
- Risk Potential Assessment Tool (RPAT);
- Gateway Reviews; and
- Implementation Readiness Assessments (IRA)
The Risk Potential Assessment Tool (RPAT) provides a standard set of high-level criteria for identifying risks related to new policy proposals and assessing consequences if risks were to eventuate.
The key points of difference between Gateway and ICT Two Pass Reviews are that Gateway is conducted across the implementation lifecycle and is an independent project assurance methodology designed to assist the Sponsoring Agency to deliver its project objectives and to deliver projects successfully.
Gateway involves conducting a series of brief, independent reviews at critical stages in the development and implementation of a project/program and reporting to the sponsor. The ICT Two Pass Review process is designed to provide Cabinet with information to support its decisions on major investments in ICT-enabled proposals.
The process aids in the preparation and presentation of compelling business cases in the context of a portfolio of investments, both at the agency and whole-of-government levels.
The purpose of an IRA is to provide assurance to Government and agency Chief Executives on the implementation readiness of certain proposed programs.
The following schematic identifies the relationship between the ICT Two Pass process and Assurance Reviews:
ICT Two Pass and Assurance Review Relationships and Timing
(Click through for full size)
- Text description of ICT Two Pass and Assurance Reviews Relationship and Timing
- ICT Two Pass and Gateway Relationship [ 140 KB]
Agencies must comply with current Finance Estimates Memorandums covering Assurance Reviews and Budget Process Operational Rules, available through their Chief Finance Officer (CFO) unit.
Cyber Security requirements in Business Cases for ICT-enabled New Policy Proposals
Agencies are required to consider and address cyber security risks and ensure proposals comply with relevant Government Cyber Security policies in all Business Cases prepared for ICT-enabled proposals, including those:
- brought forward as part of the Minister's Portfolio Budget Submission
- brought forward for consideration outside of the Budget process
- submitted through the ICT Two Pass Review Process
- submitted through the Department of Defence's ICT Investment Approval Process and its Two Pass Approval Process, and
- that are internally funded investments (only where business cases are required under the Budget Process Operational Rules regarding Asset and Capital Proposals.).
Agencies need to demonstrate that the proposal aligns with the Australian Government's Cyber Security Strategy.
The Business Cases for ICT-enabled proposals also need to reference and explain how the proposal will comply with the mandatory requirements of the Protective Security Policy Framework (PSPF) and the ICT requirements of the Information Security Manual (ISM) through the various stages of the proposed systems development lifecycle.
Agencies should address key cyber security policies and ICT requirements under the PSPF and ISM in the early stages of a proposal's systems development (at the concept development and planning stages) to enhance the integration of cyber security into a project.
For more information on the alignment of the ICT Two Pass Review process and Cyber Security requirements, refer to EM 2010/59 Cyber Security requirements in Business Cases for ICT enabled New Policy Proposals.
Frequently Asked Questions
The answers to the Frequently Asked Questions should be read in conjunction with the ICT Business Case Guide and associated Estimates Memoranda (EMs). EMs are available to government officials from CBMS or your CFO unit.
The ICT Investment Review team manages the ICT Two Pass Review process. If you have any queries concerning the process or its application to particular ICT-enabled proposals, please contact the Digital Government Investment and Assurance Branch by emailing email@example.com.
Contact details for ICT Two Pass enquiries:
For enquiries on the ICT Two Pass process and to advise us of your ICT initiatives, email firstname.lastname@example.org.