Assurance guidance for Senior Responsible Owners
This page provides Senior Responsible Owners (SROs) of high risk digital investments with an overview of their assurance accountabilities and the core expectations of the Government Chief Digital Officer (GCDO).
Our pocket guide for SROs summarises the information on this page.
Pocket guide for SROs (PDF 707KB)
Role of System Assurance
The GCDO has a core responsibility to provide Ministers and other key stakeholders with confidence that the system of assurance supporting digital government outcomes is effective.
To enable the GCDO to fulfil this responsibility, the System Assurance team has an independent assurance oversight role over high risk digital investments to ensure:
- They have fit-for-purpose assurance plans in place
- They obtain high quality assurance information to support decision-making.
This requires us to work closely with SROs of high risk digital investments to provide assurance planning advice and support.
Our definition of assurance…
‘An independent and objective assessment that provides credible information to support decision-making.’
Role of the SRO
The SRO has overall accountability for the success of the investment and is the key decision maker. Their role is to ensure that the delivery team is focused on achieving its objectives and provide confidence to the Chief Executive that the investment will deliver the expected outcomes and benefits.
A key responsibility of the SRO is to ensure the assurance approach is fit-for-purpose. This means the SRO needs to engage with and approve the following assurance artefacts:
- Assurance plan
- Terms of reference for independent assurance reviews
- Assurance reports.
‘Being engaged in assurance planning enables the SRO to insist on a tailored and insightful review.’
Initial SRO briefing
To support the SRO to fulfil their core assurance accountabilities, the System Assurance team will run an initial briefing session to ensure that the SRO has a clear understanding of their key responsibilities and how to apply the principles of good assurance.
As an output of the briefing, we will agree an engagement plan with the SRO. The nature and frequency of engagement will depend on a number of factors, including the complexity and risk of the investment, the agency’s Investor Confidence Rating and previous experience, the level of oversight by Internal Audit and our previous experience of similar initiatives.
Value of assurance
The governance body plays a key role in supporting the SRO to exercise their decision-making authority. An effective governance body provides oversight and challenge with a focus on important risks and issues. This includes ensuring that there is a robust assurance regime in place.
‘High quality assurance information helps governance bodies to focus on actions that will make the difference.’
Improving delivery confidence
It is easy to get caught up in the day-to-day activity of delivery. We are managing issues every day and have them under control. So why do we need assurance? The reality is that we often cannot see the ‘wood for the trees’ and underestimate the likelihood of risks impacting on us (optimism bias).
Assurance can help us step back from the day-to-day activity and identify potential ‘blind spots’ so that we have early warning and can rectify them before they start to impact on outcomes.
Applying the principles of good assurance throughout the investment lifecycle
‘I have a high risk investment. How do I ensure that I am set up to succeed?’
- Do I have the right skills and experience on my governance body to support effective decision-making?
- Does my governance body understand their roles and responsibilities for good assurance and is this clear in the terms of reference?
- Is the business case supported by an assurance plan?
- Are assurance activities budgeted for in the business case?
- What lessons can be learned from similar change initiatives and have these been incorporated into the assurance approach?
How do I know the assurance approach is fit-for-purpose?
- Is there a clear link between the risks to achieving the investment outcomes and the planned assurance activities?
- Is there a clear relationship between the planned assurance activities and key decision points?
- Is the assurance plan tailored to the delivery approach?
- Have I planned for technical quality assurance as early as possible in the lifecycle?
- Does assurance cover inter-agency, sector and All-of-Government impacts including stakeholder engagement activities?
- Is the assurance plan regularly reviewed by the governance body to ensure it continues to be fit-for-purpose?
How do I use independent assurance to assess delivery confidence?
- What information do I need to provide confidence to my Chief Executive and other key stakeholders?
- What areas of concern have been raised by key stakeholders and how will their questions be answered by the review?
- How will the review assess the key risks to delivery and their potential impact on outcomes?
- What due diligence have we undertaken on vendors to identify risks to delivery?
- Does the review team have the experience to effectively assure an initiative of my scale and complexity?
- Are the deliverables clearly defined in the terms of reference?