[Agency Name]
[Project / Programme Name / Phase]
[Review Name]
Terms of Reference
[Version Number]
[Date]

Document Approval

Name / Title / Sign-off Date
Approved by Senior Responsible Officer (SRO)
Approved by Lead Reviewer
Endorsed by GCIO Assurance

[The Terms of Reference should be approved / endorsed as follows:

  • Approved by the SRO
  • Approved by the Lead Reviewer
  • Endorsed by GCIO Assurance (for high risk / high value ICT-enabled Projects and Programmes only)]

DOCUMENT CONTROL

Document History

Version / Issue Date / Author / Description of Changes

Key Contacts

Name / Title / Contact Details

Distribution List

Name / Title / Version

Contents

1.Background

2.Objectives

3.Scope

4.Approach

5.Review Team

6.Deliverables

7.Timetable

8.Estimated Charges

9.Conflicts of Interest

10.High Risk / High Value ICT-enabled Projects and Programmes

Appendix A – CVs

Appendix B – ToR Quality Checklist

1.Background

[Provide any relevant background information, including:

  • High level objectives and outcomes of the project or programme.
  • Whether the project or programme has a high risk rating (as determined by The Treasury’s Risk Profile Assessment[1]).
  • Current phase of the project or programme and key decision point / stage gate supported by the review.
  • Current status of the project or programme, including any areas of concern identified by the SRO or wider stakeholders.]

2.Objectives

[Clearly state the objectives of the review, including what the review is intended to provide assurance over and to whom. Where applicable, the review should include an update on the status of previous review recommendations.]

3.Scope

[Clearly state what areas are within the scope of the review and what areas are deemed to be out of scope. Any areas out of scope should be caveated by a statement that allows the Lead Reviewer to investigate any areas identified during the course of the review that may impact on successful delivery of the project or programme.]

4.Approach

[Describe the approach to the review, including:

  • The key activities to be undertaken from planning to delivery of the final Assurance Report and who will be responsible for undertaking the activities.
  • Any relevant methodologies (including agency specific or industry standards) that will be applied to the review.]

5.Review Team

[Identify each review team member and their role in the review team. As a minimum, this must include the Lead Reviewer together with other key members of the review team e.g. specialists. Curriculum Vitae (CVs) must be provided for any named resources other than the Lead Reviewer.]

6.Deliverables

[Clearly state the deliverables from the review and who will receive copies of the Assurance Report.

The factual accuracy checking process should be clearly described.

It is expected that the final Assurance Report will include a ‘Statement of Responsibility’ which must be signed off by the SRO to confirm their acceptance of the review findings.

Providers must use the GCIO Report Rating System to assess ‘Delivery Confidence’ and prioritise recommendations in Assurance Reports for ICT-enabled Projects and Programmes.]

7.Timetable

[State the key dates for the review, including:

  • Start / end dates for fieldwork
  • Draft Assurance Report issued (NB this is expected to be within five business days of fieldwork being completed)
  • Management responses (NB this is expected to be within 10 business days of the agency receiving the draft Assurance Report)
  • Final Assurance Report issued (NB this is expected to be within five business days of management responses being received from the agency).]

8.Estimated Charges

[Provide a detailed breakdown of the estimated charges, including the planned number of hours for each review team member. As a minimum, this must include the Lead Reviewer and any other named resources.

Any assumptions used in arriving at the estimated charges must be clearly stated.]

9.Conflicts of Interest

[Any conflicts of interest and how they are to be managed should be clearly stated.

All parties need to be aware of potential conflicts of interest both real and perceived. Independence and objectivity are critical to the delivery of Assurance Services to provide robust challenge. Examples include:

  • Personal relationships with agency personnel
  • Provision of Assurance Services to a project or programme where the Provider has or is currently providing technical or project management services
  • Providing consulting advice on how to fix issues identified during the course of an Assurance engagement.]

10.High Risk / High Value ICT-enabled Projects and Programmes

[For high risk / high value ICT-enabled Projects and Programmes:

  • Agencies must email a copy of the draft Terms of Reference to the GCIO Panel Manager for endorsement. The GCIO Panel Manager will provide feedback to the agency within five business days.
  • Agencies must email a copy of the final Terms of Reference to the GCIO Panel Manager once it has been approved by the SRO and Lead Reviewer.
  • Agencies must email a copy of the draft Assurance Report (version post factual accuracy check) to the GCIO Panel Manager for a quality review. The GCIO Panel Manager will provide feedback to the agency within five business days.
  • Agencies must email a copy of the final Assurance Report to the GCIO Panel Manager once it has been signed off by the SRO and Lead Reviewer.]

Appendix A – CVs

[Provide CVs for any named resources other than the Lead Reviewer.]

Appendix B – ToR Quality Checklist

Project / Programme Name / Phase:
TOR Version Number / Date:
Date Reviewed:
# / Question / Section / Y/N / Feedback
1 / The TOR should be approved / endorsed as follows:
  • Approved by the SRO
  • Approved by the Lead Reviewer
  • Endorsed by GCIO Assurance (for high risk / high value projects and programmes only).

2 / Does the ToR include relevant background information?
For example:
  • High level objectives and outcomes of the project or programme.
  • Whether the project or programme has a high risk rating.
  • Current phase of the project or programme and key decision point / stage gate supported by the review.
  • Current status of the project / programme, including any areas of concern identified by the SRO or wider stakeholders.

3 / Are the objectives of the review clearly defined?
What is the review intended to provide assurance over and to whom? Where applicable, the review should include an update on the status of previous review recommendations.
4 / Does the review clearly state what areas are within the scope of the review and what areas are deemed to be out of scope?
Any areas out of scope should be caveated by a statement that allows the Lead Reviewer to investigate any areas identified during the course of the review that may impact on successful delivery of the project or programme.
5 / Is the approach to the review clearly described?
For example,
  • The key activities to be undertaken from planning to delivery of the final report and who will be responsible for undertaking the activities.
  • Any relevant methodologies (including agency specific or industry standards) that will be applied to the review.

6 / Are key members of the review team identified?
As a minimum, this must include the Lead Reviewer together with other key members of the review team e.g. specialists. CVs must be provided for any named resources other than the Lead Reviewer.
7 / Are the key deliverables from the review clear, including who will receive copies of the Assurance Report?
For example,
  • The factual accuracy checking process should be clearly described.
  • The final report should include a ‘Statement of Responsibility’ which must be signed off by the SRO to confirm their acceptance of the review findings.
  • Providers must use the GCIO Reporting Rating System to assess ‘Delivery Confidence’ and prioritise recommendations.

8 / Are the key dates for the review clearly stated?
For example,
  • Start / end dates for fieldwork
  • Draft Assurance Report (within 5 business days of end of fieldwork)
  • Management responses received (within 10 business days of draft Assurance Report)
  • Final report issued (within 5 business days of management responses).

9 / Is there a detailed breakdown of the estimated charges, including the planned number of hours for each team member?
As a minimum, this must include the Lead Reviewer and any other named resources. Any assumptions used in arriving at the estimated charges must be clearly stated.
10 / Are conflicts of interest identified and effectively managed?
For example,
  • Personal relationships with agency personnel.
  • Provision of Assurance Services to a project or programme where the Provider has or is currently providing technical or project management services.
  • Providing consulting advice on how to fix issues identified during the course of an Assurance engagement.

ToR Template V1.0 FINAL / July 2015

[1]