This Q&A is intended to assist Senior Responsible Officials (SROs) undertaking an assurance review. It provides an overview and practical guidance for SROs. Additional assistance is available from the Assurance Reviews Unit (ARU) in Finance. The SRO is encouraged to contact the ARU at any point to seek advice or to discuss any queries or concerns. In the event of any methodological issues arising in relation to an assurance review, these should be raised with the ARU at the earliest opportunity.
At a glance
The Q&A supports and should be read in conjunction with the publication, Guidance on the Assurance Reviews Process Resource Management Guide No. 106 (the Guidance).
What is the purpose of the assurance review process?
Assurance reviews support the SRO’s responsibility to achieve the entity’s programme objectives. Every Commonwealth entity has its own structures and resources for carrying out internal reviews of its programmes and projects. The assurance reviews process provides a snapshot of progress at a point in time and should be seen as complementary to the internal processes, not a replacement.
Assurance reviews involve the participation of the sponsoring entity, a review team, central entities, the Assurance Reviews Unit (ARU) on behalf of Finance and other key stakeholders. The reviews are undertaken by an independent Review Team (appointed by Finance) with the appropriate skills and expertise.
The SRO is the official within a sponsoring entity who is the single point of overall accountability for the successful realisation of programme/project outcomes and objectives. Typically, the SRO would be an officer at the Senior Executive Service Band 2 or Band 3 level.
The SRO also has the authority to make decisions affecting the progress of the programme or project. However, the SRO is not responsible for the day-to-day management of a programme or project.
What is the role of the SRO?
The SRO is responsible for meeting the sponsoring entity’s obligations in preparing for, participating in, and implementing the recommendations of an assurance review.
The assurance review report represents the advice from the review team to the SRO who is then responsible for determining the response to the recommendations contained in the report. Proactive involvement of the SRO throughout an assurance review helps to maximise the benefits for the programme or project that is the subject of the review.
How does the SRO prepare for the review?
Assurance reviews are scheduled in consultation with the ARU. While the aim is to minimise the disruption to a programme/project, the SRO should commit the necessary time for the entity and for the programme/project team during the review.
In the lead up to an assurance review the SRO should aim to:
- liaise with the ARU to discuss review preparations and to specify the skill requirements and security clearance needed for the review team members, and in some instances, to attend an Assessment Meeting;
- attend the Planning Meeting to brief the review team on key aspects of the programme or project;
- ensure the logistical requirements associated with the Planning Meeting and the on-site review activity are arranged;
- ensure meetings with stakeholders, as requested by the review team, are scheduled in time for the on-site review activity; and
- ensure requested documents are located and made available to the review team prior to and during the review as required.
What is required of the SRO during the review?
During the on-site review activity the SRO must ensure that the review team has full and timely access to requested stakeholders and documentation. The SRO should ensure that the assurance review team is:
- provided with documentation requested at the Planning Meeting prior to the review; and
- provided with documentation requested during the review within one business day of the request.
The SRO should be available to attend a briefing by the review team on each day of the on-site review activity. This ensures the SRO is made aware of any emerging findings and that there are ‘no surprises’ in the final review report. During these briefings, the SRO may seek any clarification required from the review team, or correct any factual errors, particularly in the content of the draft report.
The SRO should be mindful that it is essential to the success of the assurance review that the review team maintains its independence. The review team may examine any issues and documentation it feels are relevant to the review. The review team is not restricted by the suggested topics, questions or documents set out in the guidance publications; these are not intended to provide an exhaustive list of all issues to be covered during a review, but to provide guidance on the sort of issues that could be looked at.
The review report will follow an evidence-based approach derived from stakeholder interviews and project management documentation and will include:
- an overall conclusion on the programme/project's status and its readiness to progress to the next phase (Gateway) or significant challenges to implementation (IRA);
- findings and recommendations;
- an indication of how critical its recommendations are;
- background to the programme/project, including its origin, the outcomes it seeks to achieve, and how those outcomes link to the entity’s business strategy and/or high level policy objectives;
- the purpose and scope of the current review; and
- logistics of the assurance review (SRO’s details, dates of the review activities, information on interviewees and the project documentation reviewed, and the review team membership).
What is required post-review?
The final review report is provided to the SRO at the conclusion of the review. The report represents the advice from the review team to the SRO. The responsibility for deciding on appropriate action in response to the recommendations in an assurance review report remains entirely with the SRO and the sponsoring entity.
An assurance review does not change the accountability of entities for their programmes/projects in any way. The SRO is encouraged to ensure the entity programme/project management board, accountable authority and where appropriate, the responsible minister are properly informed of the progress of the programme or project , including the outcomes of the review.
It is left to the SRO to determine who has access to the Gateway review report, and to ensure that any requests made under the Freedom of Information Act 1982 are handled appropriately by the sponsoring entity.
At the conclusion of each review, the Review Team Leader (RTL) provides a copy of the review report to the ARU. This is intended to facilitate an early understanding of issues arising from reviews and to enable timely compilation and dissemination of non-attributable Lessons Learned reports.
A copy of the review report is also provided to the next review team prior to the planning meeting as part of the pre-reading documentation for any subsequent review.
For the purpose of an IRA, the report is made available to the responsible minister, the portfolio secretary and/or entity accountable authority, the SRO, Finance, the Department of the Prime Minister and Cabinet (PM&C) and the Department of the Treasury. Finance will also refer to the outcome of the IRA in a briefing provided to Government. In limited scenarios where an IRA is applied post government decision, the IRA assessment will be included in a letter from the Minister of Finance to the Prime Minister, copied to the responsible minister and the Treasurer.
What is the Enhanced Notification process and when does it apply?
The Enhanced Notification (EN) process operates to ensure that key stakeholders are provided the earliest possible warning of increased risk of delivery failure, and an opportunity to initiate prompt action to get things back on track.
The EN is a staged escalation process, which involves the Finance Secretary writing to the relevant entity accountable authority to advise that the assurance review team has raised concerns, which may have a bearing on the likelihood of achieving the intended outcomes and benefits. This advice, which includes notification of all recommendations made in the Gateway review report, asks the entity to consider suitable escalation action, including where appropriate, advising the responsible minister, the Secretaries of the Department of the Prime Minister and Cabinet, and the Department of Finance, and further investigating the findings through separate in-depth inquiry or review. The EN process may apply at any time throughout the programme/project life-cycle if it is triggered by a Delivery Confidence Assessment (DCA) of red or sequential amber/red or amber ratings.
Subsequently, if a second EN letter is issued, a remedial action plan will be required. Entities may be offered a one-day Assurance of Action Plan (AAP) review, led by the RTL from the preceding review to provide constructive and timely assistance to the SRO in finalising the entity’s action plan.
Why are independence, confidentiality and cooperation important to the assurance review?
Independence-to maintain the independence of the review team, the sponsoring entity or SRO cannot limit the way the review is conducted, what issues are covered by, or excluded from, the review. In addition, they cannot limit the review team’s access to interviewees or to any relevant documentation or alter the recommendations which appear in the final review report.
Further to this, the sponsoring entity or the SRO should not request that the review team take on additional work relating to the programme or project on behalf of the sponsoring entity while undertaking the review. This includes asking the review team to address areas outside the scope of the review or making presentations about the review findings after the on-site review activity is complete.
Confidentiality-the success of an assurance review is dependent on maintaining the commitment to confidentiality through all aspects of the review process. For this reason the review team will meet with programme/project personnel and other stakeholders individually unless otherwise specified by the review team. Meetings are held in-confidence with no scribes or transcripts. There are no attributions of individual comments in an assurance review report. The only permanent record of the review process and discussions is the final review report. All programme/project information is left with the entity and the review team’s personal notes are destroyed on the final day of the review.
Cooperation-the philosophy underpinning assurance reviews is one of collaboration. It is very difficult for a review team to add value to a programme or project unless it is given full cooperation as defined by the principles outlined in this brochure and the Guidance and Handbook publications. These are independence, full access and confidentiality.
The decision as to whether full cooperation is being provided by a sponsoring entity rests with the RTL. If full cooperation is not provided during an assurance review, the review team can avail itself of a number of options for redress, including: mentioning the matter in the final report; making recommendations which identify the limitations placed on the assurance review team in relation to access to interviewees or information; or suspending and/or cancelling the review. The decision to cancel or suspend a review can be taken at any time.
If the review team feels it is receiving insufficient cooperation from the sponsoring entity to be able to continue with or complete an assurance review, it will consult with Finance. Following this consultation, should the review team decide to discontinue the review, it will advise the SRO and the ARU. The ARU will then advise the Secretary of the Department of Finance of its decision.
The costs incurred due to not proceeding with a review on this basis, or as a result of the cancellation of a review by the sponsoring entity, may be recovered from the sponsoring entity
These costs include, but are not limited to, travel and accommodation costs and consultancy fees incurred by the review team.
What are the responsibilities of the sponsoring entity in an assurance review?
To help make the review successful, the sponsoring entity is required to provide:
- pre-reading materials to the review team;
- a strategic presentation on the programme or project including budget, timetable and key deliverables;
- a schedule of confirmed appointments with stakeholders;
- a list of key documentation; and
- a suitable meeting room.
Further details of the entity’s responsibilities are provided to the sponsoring entity prior to a review.