ICT Projects and Programmes – Assurance Plan Review Checklist

Project / Programme Name:
Assurance Plan Version Number / Date: / Date Reviewed:
# / Question / Y/N / Feedback
1 / Will the assurance plan be approved by the SRO?
Check the document history for evidence of review and feedback from the SRO on any drafts. The final copy of the assurance plan should include the sign off date by the SRO.
2 / Will the assurance plan be endorsed by the Project / Programme Board?
The final copy of the assurance plan should include the sign off date by the Project / Programme Board. For high risk / high value projects and programmes, the assurance plan should be endorsed by the CE.
3 / Does the assurance plan include an endorsement by the GCIO ICT Assurance team?
The final copy of the assurance plan should include the sign off date by the GCIO ICT Assurance team.
4 / Does the assurance plan provide adequate context on the project / programme objectives and outcomes?
5 / For programmes only, does the assurance plan include a high level overview and timeline of how the programme is structured in terms of tranches and/or projects?
6 / Are estimated WOLC costs / benefits / duration included?
7 / Is the Risk Profile Assessment (RPA) indicative risk rating included?
8 / Does the assurance plan provide adequate information on project / programme risks and critical success factors?
The assurance plan should include strategic risks as well as project / programme delivery risks and critical success factors.
9 / Is the overall assurance approach clearly articulated?
The overall assurance approach should summarise the key internal and external assurance activities, their purpose and intended audience. For high risk / high value projects and programmes, Gateway reviews and monitoring by the Treasury team should be included.
10 / Does the assurance plan include specific lessons learned relevant to the project / programme?
The assurance plan should show how specific lessons learned have been incorporated into the overall assurance approach.
11 / Does the assurance plan refer to a formal project / programme management methodology e.g. PRINCE2 or Managing Successful Programmes (MSP) or equivalent?
12 / Does the assurance plan clearly state assurance roles and responsibilities at the governance level?
For example,
  • Who is responsible for reviewing and updating the assurance plan?
  • How will progress against the assurance plan be monitored at the governance level?
  • Who will receive copies of assurance reports? For high risk / high value projects and programmes, assurance reports should be sent to the CE as a matter of course.
  • How will the status of issues raised in assurance reports be tracked and reported at the governance level?

13 / Are estimated assurance costs included in the assurance plan and have they been budgeted for by the project / programme?
14 / Are the types and levels of assurance appropriate for the project / programme?
For example,
  • Does the assurance plan cover all the critical milestones / decision points?
  • Does the assurance plan include TQA reviews appropriate for the technology being implemented?
  • Does the assurance plan include a probity audit for significant procurement activities?
  • Does the assurance plan include assurance activities related to benefits realisation?
  • For high risk / high value projects and programmes, are Gateway reviews included? Are IQAs scheduled before Gateway reviews?
  • Are assurance activities appropriate based on project / programme risks e.g. security and privacy, vendor, and change management risks?
  • Is it clear how critical project / programme dependencies will be managed?

15 / Are decision-making authorities clear for the specific terms of reference for each type of assurance activity?

GCIO ICT Assurance Tracking Reference #

ICT P&P Assurance Plan Review Checklist V1.0 / August 2014