Assurance Reviews Process Overview


This Overview is intended to assist participants in Assurance Reviews processes.

Introduction to Australian Government Assurance Reviews Process

Australian Government Assurance Reviews are administered by Finance and draw on a range of proven better practice methodologies, including the Better Practice Guide on Implementation of Programme and Policy Initiatives: Making Implementation Matter (Australian National Audit Office and the Department of the Prime Minister and Cabinet, October 2006) and the United Kingdom’s Office of Government Commerce, (OGC) Gateway Review Process.

Experience has shown that external assurance can add important new insights to internal control, as well as an independent perspective. It may in some cases act as a catalyst for lead entities to bring together the different elements of the policy to delivery chain. An integrated approach to assurance which selects the right tool at the right time will enhance the prospects of the implementation program achieving the intended policy outcomes. Not every program or project would need a centrally commissioned review and assurance process; these would need to be applied judiciously and for a good purpose.

The application of assurance activities based on an assessment of risk of the more complex programs has enabled more robust evidence-based decision making and support for the Government’s commitment to improve delivery and implementation of policies, programs and services.

Assurance Reviews focus on providing independent and timely advice and support the achievement of Government outcomes. They specifically address:

  • the development and maintenance of a robust Business Case with milestones and deliverables clearly articulated;
  • alignment of benefits to entity and government strategic objectives with clear measurable targets, timelines and owners;
  • implementation planning and risk management challenges associated with competing priorities and resources and capability;
  • the complexities and attendant risks, including those attached to cross-jurisdictional responsibilities;
  • regulatory environments that may expose a program to failure if not properly identified and managed;
  • governance, accountability and reporting requirements to ensure appropriate support and oversight during implementation and delivery of outcomes and benefits; and
  • appropriate risk management analysis and the development of mitigation strategies.

Core Principles and Characteristics of Assurance Reviews

Fundamental to the ongoing success of the Assurance Reviews process are its core principles and the focus on:

  • providing independent assurance on how best to ensure that programs/projects are successful;
  • building capability through access to highly credentialed reviewers who provide mentoring and coaching; and
  • promulgating the lessons learned.

The key characteristics include:

  • short duration – generally no more than 5 days;
  • are based on non-attributable interviews;
  • flexibility as to scope – to reflect the stage of policy development;
  • flexibility as to timing – the main constraint is the Budget process and the time for an entity to be prepared; and
  • value-add – the specialist pool of senior reviewers have skills and experience relevant to the policy delivery environment.

The Two Key Types of Assurance Reviews

  • Gateway Review Process (Gateway) for programs and projects; and
  • Implementation Readiness Assessments (IRA).

Gateway Review Process (Gateway)

Gateway reviews are nominally conducted at key decision points throughout the design, development and implementation lifecycle of a program or project. Their purpose is to provide independent assurance and timely advice to the entity, via a nominated Senior Responsible Official (SRO) to improve delivery and implementation of policies, programs, projects and services. For each review, the review team will provide the SRO with assurance of progress against entity and government objectives at that point in time, a delivery confidence assessment (DCA) on the program/project’s likelihood of succeeding, and highlights issues that threaten success and/or jeopardise the delivery of benefits.

Gateway is primarily an internal capability improvement and assurance function. This “constructive” and “self-help” aspect can be effectively delivered because a key principle of Gateway reviews is to maintain confidentiality and non-attribution in reports. Gateway applies to proposals undertaken by entities, which require government approval and which are assessed to be high risk and which satisfy certain financial thresholds:

Projects with a total cost estimated to be :

  • $30 million or more for procurement or infrastructure projects, or
  • $30 million or more, including an ICT component of at least $10 million.

Programs with:

  • a total cost greater than $50 million.

These thresholds apply to the total value of a program/project, regardless of the timeframe for delivery, including the delivery of benefits. (Note: These provisions do not apply to Defence NPPs that are subject to the Kinnaird two pass process).

Gateway is not an audit process nor does it replace an entity’s responsibility and accountability for decision making and implementation. Gateway plays a unique role in strengthening assurance and better practices, as well as building and sharing capability associated with the delivery and implementation of government programs and services.

There are six different reviews that occur at critical stages (or Gates or decision points) of a project’s lifecycle. These are:

Critical Gate

Focus of Review

Gate 0

Business Need - assures that the scope and purpose has been adequately assessed, communicated, fits within the entity's overall business strategy and/or whole-of-Government strategies and policies and that the expected benefits have been identified and measures have been considered.

Gate 1

Business Case - focuses on the robustness of a project's proposed approach to meeting the business requirement and can be delivered within the timeframe and with the resources provided. Assures that a benefits management approach has been applied, improvements are clearly defined and can be quantified.

Gate 2

Delivery Strategy – provides assurance that the procurement strategy: establishes a clear definition of the project and a plan for its implementation; has made an assessment of the project’s potential for success and benefits agreed upon in previous stages have been aligned to the delivery effort; and if the project is ready to invite proposals or tenders.

Gate 3

Investment Decision - providing assurance on the supplier selection: that the business needs are likely to be met through the project and contract management controls; and that the processes are in place for contract delivery. Assures that benefits management strategies and plans have been incorporated.

Gate 4

Readiness for Service - providing assurance on whether the solution is robust before delivery, assessing organisational readiness before and after delivery, and considers the basis for evaluating ongoing performance and that benefits are likely to be achieved.

Gate 5

Benefits Realisation - focuses on measuring the project’s success to date in achieving its objectives, expectations for the future and any potential remedial action.

There are three different review stages that occur for programs, these are:

Critical Stage


First stage review

Conducted before or soon after Government approval. It assists entities in defining the program by examining the business need and formulation of the business case. Can also be conducted whenever the priority or the scope of the program changes significantly.

Mid stage review

Focus is on assessing the program execution with the number of these reviews being determined by the complexity, timeframe and risks attached to the program

Final stage review

 Focus is on program closure, including program controls, records management and the identification and application of lessons learned as well as the delivery of the intended outcomes and benefits. 

Blended Gateway Reviews

Programs do not always fit neatly into the existing structured Gateway process for projects (from Gates 0 to 5) because programs can represent a series of interrelated projects with a common objective, or a broad framework or policy concept that may result in a series of largely independent smaller projects (potentially all at different stages of implementation).

A ‘blended’ review approach (where a program review is combined with the review of a constituent project that may be critical to the overall success of the program) can help to reduce the review burden on entities while simultaneously providing program strategic alignment and project milestone delivery assurance.

Intermediate Assessments

A significant lag can sometimes occur between assurance reviews.  This is most manifest in complex ICT and construction projects – during the critical ‘build’ stages of implementation (between Gateway 3 and Gateway 4).

Intermediate Assessments are based on the principles of the existing Gate 0 Business Need Review, and provide entities with interim assurance focused on the strategic alignment, the strength of the business case and efforts to optimise benefits to Government.  Additionally, the Intermediate Assessment can assist to highlight key risks and to reconfirm stakeholder commitment.

The timing of Intermediate Assessments will take into consideration planned reviews and key decision points, ensuring that no more than 18 months elapses between centrally commissioned reviews.  In doing so, the Intermediate Assessment promotes better implementation by entities and provides the opportunity for earlier intervention by government where delivery significantly slips.

Enhanced Notification Process and Assurance of Action Plans (for Gateway)

An enhanced notification process is in place so that, if a program or project is experiencing

problems, early remedial intervention can occur. The process involves the Finance Secretary writing to the relevant accountable authority to advise that the Assurance Review team has raised concerns, which may have a bearing on the likelihood of achieving the intended outcomes and benefits. This advice, which includes notification of all recommendations made in the Gateway review report, asks the entity to consider appropriate escalation action, including where appropriate advising the relevant minister/s, the Secretaries of the Department of the Prime Minister and Cabinet, and the Department of Finance, and further investigating the findings through separate in-depth inquiry or review. Enhanced notification applies throughout the program life-cycle and is triggered by incidences of red or sequential amber/red and amber DCA ratings.

If a second enhanced notification letter is subsequently issued, a remedial action plan will be required.  Entities may be offered a one-day Assurance of Action Plan (AAP) review, led by the Review Team Leader from the preceding review to provide constructive and timely assistance to the SRO in finalising their action plan.

Implementation Readiness Assessments

The IRA provides assurance to Government and entity accountable authorities that necessary implementation planning activities have taken place and that significant issues are identified early in the development phase. An IRA typically occurs at the final stages of the development process prior to consideration by decision makers. If an IRA is commissioned, any requirement for a Gateway review will be superseded.

In some circumstances, it is not always logistically possible to conduct an IRA in time to inform government deliberations of the proposal. Where this occurs, an IRA may still be applied with the review findings to be included in a letter from the Minister of Finance to the Prime Minister copied to the relevant portfolio Minister and the Treasurer.

IRAs focus on six high level topic areas which assist in determining entity preparedness for the implementation of a policy initiative.  An IRA is designed to assess the program implementation strategy against its specified objectives, provide early identification of any areas that may require corrective action, and increase confidence that a program implementation strategy is effective and conclusive.

Difference between Gateway and the IRA

There are important differences in the objectives of the different reviews, the key differences are:

  • An IRA is a one-off review that in most cases occurs pre-decision, whereas Gateway Reviews occur throughout the program/project lifecycle;
  • An IRA report is provided to entities, central entities and to Government to support the decision making process, whereas Gateway reports are provided to the SRO identified within the sponsoring entity to support the successful delivery of programs or projects.

The IRA is specifically focused on reviewing policy proposals, where logistically possible, prior to seeking a Government decision. IRAs focus strategically on key areas in determining the capability and preparedness of the entity(s) in planning to implement a proposal and, in doing so, provide entities with the opportunity to gain independent assurance on how well practical delivery issues are being addressed. IRA’s are intended to provide both Government and the sponsoring entity with sound advice that provides assurance about the likely success of high‑risk programs/projects.

Risk Potential Assessment Tool

A Risk Potential Assessment Tool (RPAT) must be completed for each New Policy Proposal

(NPP) with an estimated financial implication of $30 million or above.  The RPAT may still be used as an opt-in better practice measure for NPPs with financial implications of less than $30 million (refer relevant Estimates Memoranda). The RPAT assists entities to determine and communicate the potential risk of a proposal to ministers before seeking Cabinet’s agreement. The risk rating of a proposal can also inform whether additional assurance processes should be applied.

Commissioning of Assurance Reviews

Decisions to commission Assurance Reviews are made by Government, usually during the pre‑budget considerations of NPPs and Portfolio Budget Submissions. In exceptional circumstances, the Minister for Finance, in consultation with the Prime Minister and the Treasurer, would make the decision to commission an Assurance Review.

In the first instance, proposals would be identified as possible candidates by Finance, having regard to the implementation and delivery risks and the strategic importance of the proposals to the government. Commissioning of Assurance Review process:

Assurance Reviewers

A Review Team will usually consist of a Review Team Leader and up to three Review Team Members. The Assurance Reviews Unit consults with the sponsoring entity to determine the optimal composition of the Review Team for each review.

Assurance Reviewers have extensive expertise and experience in their field, and have been accredited by the Assurance Reviews Unit. Reviewers may be sourced from the public or private sectors, depending upon their suitability and availability for a project/ program review.

Assurance Reviewers are selected to participate on an Assurance Review for their expertise, and not to represent their entity or firm.

The Role of the Entity

Participants from the sponsoring entity should engage fully in the process, demonstrating a willingness to share information openly and honestly. This will assist in building a collaborative working relationship among the participants, and result in the production of a fully informed and useful Review Report.

Did you find this content useful?